tls: add option for private keys for OpenSSL engines

Add `privateKeyIdentifier` and `privateKeyEngine` options
to get private key from an OpenSSL engine in tls.createSecureContext().

PR-URL: https://github.com/nodejs/node/pull/28973
Reviewed-By: Rod Vagg <rod@vagg.org>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>

1 files changed, 34 insertions, 0 deletions

diff --git a/test/parallel/test-tls-keyengine-unsupported.js b/test/parallel/test-tls-keyengine-unsupported.js
new file mode 100644
index 0000000000..149fc4dc31
--- /dev/null
+++ b/test/parallel/test-tls-keyengine-unsupported.js
@@ -0,0 +1,34 @@
+// Flags: --expose-internals
+'use strict';
+const common = require('../common');
+
+if (!common.hasCrypto)
+  common.skip('missing crypto');
+
+// Monkey-patch SecureContext
+const { internalBinding } = require('internal/test/binding');
+const binding = internalBinding('crypto');
+const NativeSecureContext = binding.SecureContext;
+
+binding.SecureContext = function() {
+  const rv = new NativeSecureContext();
+  rv.setEngineKey = undefined;
+  return rv;
+};
+
+const tls = require('tls');
+
+{
+  common.expectsError(
+    () => {
+      tls.createSecureContext({
+        privateKeyEngine: 'engine',
+        privateKeyIdentifier: 'key'
+      });
+    },
+    {
+      code: 'ERR_CRYPTO_CUSTOM_ENGINE_NOT_SUPPORTED',
+      message: 'Custom engines not supported by this OpenSSL'
+    }
+  );
+}