'use strict'; require('../common'); const fixtures = require('../common/fixtures'); // Adding a CA certificate to contextWithCert should not also add it to // contextWithoutCert. This is tested by trying to connect to a server that // depends on that CA using contextWithoutCert. const { assert, connect, keys, tls } = require(fixtures.path('tls-connect')); const contextWithoutCert = tls.createSecureContext({}); const contextWithCert = tls.createSecureContext({}); contextWithCert.context.addCACert(keys.agent1.ca); const serverOptions = { key: keys.agent1.key, cert: keys.agent1.cert, }; const clientOptions = { ca: [keys.agent1.ca], servername: 'agent1', rejectUnauthorized: true, }; // This client should fail to connect because it doesn't trust the CA // certificate. clientOptions.secureContext = contextWithoutCert; connect({ client: clientOptions, server: serverOptions, }, function(err, pair, cleanup) { assert(err); assert.strictEqual(err.message, 'unable to verify the first certificate'); cleanup(); // This time it should connect because contextWithCert includes the needed CA // certificate. clientOptions.secureContext = contextWithCert; connect({ client: clientOptions, server: serverOptions, }, function(err, pair, cleanup) { assert.ifError(err); cleanup(); }); });