@@ -54,73 +54,77 @@ const SNIContexts = {
5454 }
5555} ;
5656
57- const clientsOptions = [ {
58- port : undefined ,
59- ca : [ loadPEM ( 'ca1-cert' ) ] ,
60- servername : 'a.example.com' ,
61- rejectUnauthorized : false
62- } , {
63- port : undefined ,
64- ca : [ loadPEM ( 'ca2-cert' ) ] ,
65- servername : 'b.test.com' ,
66- rejectUnauthorized : false
67- } , {
68- port : undefined ,
69- ca : [ loadPEM ( 'ca2-cert' ) ] ,
70- servername : 'a.b.test.com' ,
71- rejectUnauthorized : false
72- } , {
73- port : undefined ,
74- ca : [ loadPEM ( 'ca1-cert' ) ] ,
75- servername : 'c.wrong.com' ,
76- rejectUnauthorized : false
77- } , {
78- port : undefined ,
79- ca : [ loadPEM ( 'ca1-cert' ) ] ,
80- servername : 'chain.example.com' ,
81- rejectUnauthorized : false
82- } ] ;
83-
84- const serverResults = [ ] ;
85- const clientResults = [ ] ;
86-
87- const server = tls . createServer ( serverOptions , function ( c ) {
88- serverResults . push ( c . servername ) ;
89- c . end ( ) ;
90- } ) ;
91-
92- server . addContext ( 'a.example.com' , SNIContexts [ 'a.example.com' ] ) ;
93- server . addContext ( '*.test.com' , SNIContexts [ 'asterisk.test.com' ] ) ;
94- server . addContext ( 'chain.example.com' , SNIContexts [ 'chain.example.com' ] ) ;
95-
96- server . listen ( 0 , startTest ) ;
97-
98- function startTest ( ) {
99- let i = 0 ;
100- function start ( ) {
101- // No options left
102- if ( i === clientsOptions . length )
103- return server . close ( ) ;
104-
105- const options = clientsOptions [ i ++ ] ;
106- options . port = server . address ( ) . port ;
107- const client = tls . connect ( options , function ( ) {
108- clientResults . push (
109- client . authorizationError &&
110- ( client . authorizationError === 'ERR_TLS_CERT_ALTNAME_INVALID' ) ) ;
111-
112- // Continue
113- start ( ) ;
57+ test (
58+ {
59+ ca : [ loadPEM ( 'ca1-cert' ) ] ,
60+ servername : 'a.example.com'
61+ } ,
62+ true ,
63+ 'a.example.com'
64+ ) ;
65+
66+ test (
67+ {
68+ ca : [ loadPEM ( 'ca2-cert' ) ] ,
69+ servername : 'b.test.com' ,
70+ } ,
71+ true ,
72+ 'b.test.com'
73+ ) ;
74+
75+ test (
76+ {
77+ ca : [ loadPEM ( 'ca2-cert' ) ] ,
78+ servername : 'a.b.test.com' ,
79+ } ,
80+ false ,
81+ 'a.b.test.com'
82+ ) ;
83+
84+ test (
85+ {
86+ ca : [ loadPEM ( 'ca1-cert' ) ] ,
87+ servername : 'c.wrong.com' ,
88+ } ,
89+ false ,
90+ 'c.wrong.com'
91+ ) ;
92+
93+ test (
94+ {
95+ ca : [ loadPEM ( 'ca1-cert' ) ] ,
96+ servername : 'chain.example.com' ,
97+ } ,
98+ true ,
99+ 'chain.example.com'
100+ ) ;
101+
102+ function test ( options , clientResult , serverResult ) {
103+ const server = tls . createServer ( serverOptions , ( c ) => {
104+ assert . strictEqual ( c . servername , serverResult ) ;
105+ assert . strictEqual ( c . authorized , false ) ;
106+ } ) ;
107+
108+ server . addContext ( 'a.example.com' , SNIContexts [ 'a.example.com' ] ) ;
109+ server . addContext ( '*.test.com' , SNIContexts [ 'asterisk.test.com' ] ) ;
110+ server . addContext ( 'chain.example.com' , SNIContexts [ 'chain.example.com' ] ) ;
111+
112+ server . on ( 'tlsClientError' , common . mustNotCall ( ) ) ;
113+
114+ server . listen ( 0 , ( ) => {
115+ const client = tls . connect ( {
116+ ...options ,
117+ port : server . address ( ) . port ,
118+ rejectUnauthorized : false
119+ } , ( ) => {
120+ const result = client . authorizationError &&
121+ ( client . authorizationError === 'ERR_TLS_CERT_ALTNAME_INVALID' ) ;
122+ assert . strictEqual ( result , clientResult ) ;
123+ client . end ( ) ;
114124 } ) ;
115- }
116125
117- start ( ) ;
126+ client . on ( 'close' , common . mustCall ( ( ) => {
127+ server . close ( ) ;
128+ } ) ) ;
129+ } ) ;
118130}
119-
120- process . on ( 'exit' , function ( ) {
121- assert . deepStrictEqual ( serverResults , [
122- 'a.example.com' , 'b.test.com' , 'a.b.test.com' , 'c.wrong.com' ,
123- 'chain.example.com'
124- ] ) ;
125- assert . deepStrictEqual ( clientResults , [ true , true , false , false , true ] ) ;
126- } ) ;
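Review bot: The secure-connection listener passed to `tls.createServer` and the callback passed to `tls.connect` inside `test()` are plain arrow functions, so the `c.servername`, `c.authorized` and `authorizationError` assertions are only checked if those callbacks actually run. The removed exit handler compared both result arrays against five expected entries, which also proved that every callback had fired; the only call-count guards left are `mustCall` on the client's 'close' and `mustNotCall` on 'tlsClientError'. Wrapping both callbacks restores that guarantee: `tls.createServer(serverOptions, common.mustCall((c) => {` and `}, common.mustCall(() => {` for the connect callback, each with its matching closing parenthesis. A short comment above `test()` would also help, for example `// clientResult is true only when authorizationError is exactly ERR_TLS_CERT_ALTNAME_INVALID; any other error yields false`, since the bare `true`/`false` arguments at the five call sites are otherwise hard to read.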