test: expand tls-check-server-identity coverage

PR-URL: https://github.com/nodejs/node/pull/60002
Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Diango Gavidia 2025-09-24 19:27:57 -04:00 committed by Anna Henningsen
parent b51fd73e10
commit 93ee08cf27
No known key found for this signature in database


@ -62,6 +62,11 @@ const tests = [
cert: { subject: { CN: '.a.com' } }, cert: { subject: { CN: '.a.com' } },
error: 'Host: a.com. is not cert\'s CN: .a.com' error: 'Host: a.com. is not cert\'s CN: .a.com'
}, },
{
host: 'bad.x.example.com',
cert: { subject: { CN: 'bad..example.com' } },
error: 'Host: bad.x.example.com. is not cert\'s CN: bad..example.com'
},
// IP address in CN. Technically allowed but so rare that we reject // IP address in CN. Technically allowed but so rare that we reject
// it anyway. If we ever do start allowing them, we should take care // it anyway. If we ever do start allowing them, we should take care
@ -129,6 +134,16 @@ const tests = [
cert: { subject: { CN: 'b*b.a.com' } }, cert: { subject: { CN: 'b*b.a.com' } },
error: 'Host: b.a.com. is not cert\'s CN: b*b.a.com' error: 'Host: b.a.com. is not cert\'s CN: b*b.a.com'
}, },
{
host: 'bxa.a.com',
cert: { subject: { CN: 'b**.a.com' } },
error: 'Host: bxa.a.com. is not cert\'s CN: b**.a.com'
},
{
host: 'xbcd.a.com',
cert: { subject: { CN: 'ab*cd.a.com' } },
error: 'Host: xbcd.a.com. is not cert\'s CN: ab*cd.a.com'
},
// Empty Cert // Empty Cert
{ {
@ -158,6 +173,11 @@ const tests = [
subject: { CN: ['foo.com', 'bar.com'] } // CN=foo.com; CN=bar.com; subject: { CN: ['foo.com', 'bar.com'] } // CN=foo.com; CN=bar.com;
} }
}, },
{
host: 'a.com',
cert: { subject: { CN: [''] } },
error: 'Host: a.com. is not cert\'s CN: '
},
// DNS names and CN // DNS names and CN
{ {
@ -212,6 +232,46 @@ const tests = [
}, },
// DNS names // DNS names
{
host: 'a.com',
cert: {
subjectaltname: 'DNS:',
subject: {}
},
error: 'Host: a.com. is not in the cert\'s altnames: DNS:'
},
{
host: 'bad.x.example.com',
cert: {
subjectaltname: 'DNS:bad..example.com',
subject: {}
},
error: 'Host: bad.x.example.com. is not in the cert\'s altnames: DNS:bad..example.com'
},
{
host: 'x.example.com',
cert: {
subjectaltname: 'DNS:caf\u00E9.example.com', // "café.example.com"
subject: {}
},
error: 'Host: x.example.com. is not in the cert\'s altnames: DNS:caf\u00E9.example.com'
},
{
host: 'xbcd.a.com',
cert: {
subjectaltname: 'DNS:ab*cd.a.com',
subject: {}
},
error: 'Host: xbcd.a.com. is not in the cert\'s altnames: DNS:ab*cd.a.com'
},
{
host: 'x.example.com',
cert: {
subjectaltname: 'DNS:bad label.com',
subject: {}
},
error: 'Host: x.example.com. is not in the cert\'s altnames: DNS:bad label.com'
},
{ {
host: 'a.com', cert: { host: 'a.com', cert: {
subjectaltname: 'DNS:*.a.com', subjectaltname: 'DNS:*.a.com',
@ -261,6 +321,14 @@ const tests = [
subject: {} subject: {}
} }
}, },
{
host: 'bxa.a.com',
cert: {
subjectaltname: 'DNS:b**.a.com',
subject: {}
},
error: 'Host: bxa.a.com. is not in the cert\'s altnames: DNS:b**.a.com'
},
// URI names // URI names
{ {
host: 'a.b.a.com', cert: { host: 'a.b.a.com', cert: {
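Review bot: In the `@ -212,6 +232,46` hunk, the cases for `DNS:caf\u00E9.example.com` and `DNS:bad label.com` both use `host: 'x.example.com'`, whose labels differ from the SAN anyway, so they would keep passing even if whatever rejection of non-ASCII or whitespace labels the checker performs were removed. To pin that rejection, the host should equal the SAN text, e.g. `host: 'caf\u00E9.example.com',` and `host: 'bad label.com',`, with the expected `error` strings updated to match. As written the two cases add line coverage at most, and the `bad label.com` entry also has a different label count from its host, so it may return before any character check is reached (inferred; the implementation is not on this page). The `tests` array starts and ends outside the visible hunks.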