archive/node
1
0
Fork 0
mirror of https://github.com/nodejs/node.git synced 2025-08-15 13:48:44 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 1
node/test/parallel/test-tls-set-default-ca-certificates-basic.js
Joyee Cheung edd66d0130
crypto: add tls.setDefaultCACertificates() 
This API allows dynamically configuring CA certificates that
will be used by the Node.js TLS clients by default.

Once called, the provided certificates will become the default CA
certificate list returned by `tls.getCACertificates('default')` and
used by TLS connections that don't specify their own CA certificates.

This function only affects the current Node.js thread.

PR-URL: https://github.com/nodejs/node/pull/58822
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Tim Perry <pimterry@gmail.com>
Reviewed-By: Ethan Arrowood <ethan@arrowood.dev>
2025-07-18 19:57:53 +00:00

58 lines
1.9 KiB
JavaScript
Raw Blame History

'use strict';
// This tests the basic functionality of tls.setDefaultCACertificates().
const common = require('../common');
if (!common.hasCrypto) common.skip('missing crypto');
const tls = require('tls');
const fixtures = require('../common/fixtures');
const { assertEqualCerts } = require('../common/tls');
const originalBundled = tls.getCACertificates('bundled');
const originalSystem = tls.getCACertificates('system');
const fixtureCert = fixtures.readKey('fake-startcom-root-cert.pem');
function testSetCertificates(certs) {
// Test setting it can be verified with tls.getCACertificates().
tls.setDefaultCACertificates(certs);
const result = tls.getCACertificates('default');
assertEqualCerts(result, certs);
// Verify that other certificate types are unchanged
const newBundled = tls.getCACertificates('bundled');
const newSystem = tls.getCACertificates('system');
assertEqualCerts(newBundled, originalBundled);
assertEqualCerts(newSystem, originalSystem);
// Test implicit defaults.
const implicitDefaults = tls.getCACertificates();
assertEqualCerts(implicitDefaults, certs);
// Test cached results.
const cachedResult = tls.getCACertificates('default');
assertEqualCerts(cachedResult, certs);
const cachedImplicitDefaults = tls.getCACertificates();
assertEqualCerts(cachedImplicitDefaults, certs);
}
// Test setting with fixture certificate.
testSetCertificates([fixtureCert]);
// Test setting with empty array.
testSetCertificates([]);
// Test setting with bundled certificates
testSetCertificates(originalBundled);
// Test combining bundled and extra certificates.
testSetCertificates([...originalBundled, fixtureCert]);
// Test setting with a subset of bundled certificates
if (originalBundled.length >= 3) {
testSetCertificates(originalBundled.slice(0, 3));
}
// Test duplicate certificates
tls.setDefaultCACertificates([fixtureCert, fixtureCert, fixtureCert]);
assertEqualCerts(tls.getCACertificates('default'), [fixtureCert]);
Reference in a new issue View git blame Copy permalink