Skip to content

Commit 26394cd

Browse files
diangogavaduh95
diangogav
authored and
aduh95
committed
test: expand tls-check-server-identity coverage
PR-URL: #60002 Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com> Reviewed-By: Anna Henningsen <anna@addaleax.net>
1 parent b58df47 commit 26394cd

File tree

1 file changed

+68
-0
lines changed

1 file changed

+68
-0
lines changed

test/parallel/test-tls-check-server-identity.js

Lines changed: 68 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -62,6 +62,11 @@ const tests = [
6262
cert: { subject: { CN: '.a.com' } },
6363
error: 'Host: a.com. is not cert\'s CN: .a.com'
6464
},
65+
{
66+
host: 'bad.x.example.com',
67+
cert: { subject: { CN: 'bad..example.com' } },
68+
error: 'Host: bad.x.example.com. is not cert\'s CN: bad..example.com'
69+
},
6570

6671
// IP address in CN. Technically allowed but so rare that we reject
6772
// it anyway. If we ever do start allowing them, we should take care
@@ -129,6 +134,16 @@ const tests = [
129134
cert: { subject: { CN: 'b*b.a.com' } },
130135
error: 'Host: b.a.com. is not cert\'s CN: b*b.a.com'
131136
},
137+
{
138+
host: 'bxa.a.com',
139+
cert: { subject: { CN: 'b**.a.com' } },
140+
error: 'Host: bxa.a.com. is not cert\'s CN: b**.a.com'
141+
},
142+
{
143+
host: 'xbcd.a.com',
144+
cert: { subject: { CN: 'ab*cd.a.com' } },
145+
error: 'Host: xbcd.a.com. is not cert\'s CN: ab*cd.a.com'
146+
},
132147

133148
// Empty Cert
134149
{
@@ -158,6 +173,11 @@ const tests = [
158173
subject: { CN: ['foo.com', 'bar.com'] } // CN=foo.com; CN=bar.com;
159174
}
160175
},
176+
{
177+
host: 'a.com',
178+
cert: { subject: { CN: [''] } },
179+
error: 'Host: a.com. is not cert\'s CN: '
180+
},
161181

162182
// DNS names and CN
163183
{
@@ -212,6 +232,46 @@ const tests = [
212232
},
213233

214234
// DNS names
235+
{
236+
host: 'a.com',
237+
cert: {
238+
subjectaltname: 'DNS:',
239+
subject: {}
240+
},
241+
error: 'Host: a.com. is not in the cert\'s altnames: DNS:'
242+
},
243+
{
244+
host: 'bad.x.example.com',
245+
cert: {
246+
subjectaltname: 'DNS:bad..example.com',
247+
subject: {}
248+
},
249+
error: 'Host: bad.x.example.com. is not in the cert\'s altnames: DNS:bad..example.com'
250+
},
251+
{
252+
host: 'x.example.com',
253+
cert: {
254+
subjectaltname: 'DNS:caf\u00E9.example.com', // "café.example.com"
255+
subject: {}
256+
},
257+
error: 'Host: x.example.com. is not in the cert\'s altnames: DNS:caf\u00E9.example.com'
258+
},
259+
{
260+
host: 'xbcd.a.com',
261+
cert: {
262+
subjectaltname: 'DNS:ab*cd.a.com',
263+
subject: {}
264+
},
265+
error: 'Host: xbcd.a.com. is not in the cert\'s altnames: DNS:ab*cd.a.com'
266+
},
267+
{
268+
host: 'x.example.com',
269+
cert: {
270+
subjectaltname: 'DNS:bad label.com',
271+
subject: {}
272+
},
273+
error: 'Host: x.example.com. is not in the cert\'s altnames: DNS:bad label.com'
274+
},
215275
{
216276
host: 'a.com', cert: {
217277
subjectaltname: 'DNS:*.a.com',
@@ -261,6 +321,14 @@ const tests = [
261321
subject: {}
262322
}
263323
},
324+
{
325+
host: 'bxa.a.com',
326+
cert: {
327+
subjectaltname: 'DNS:b**.a.com',
328+
subject: {}
329+
},
330+
error: 'Host: bxa.a.com. is not in the cert\'s altnames: DNS:b**.a.com'
331+
},
264332
// URI names
265333
{
266334
host: 'a.b.a.com', cert: {

0 commit comments

Comments
 (0)