fixup! fixup! tls: add allowPartialTrustChain flag

addaleax · addaleax · commit 5f501b457a58 · 2024-09-05T17:56:19.000+02:00
diff --git a/test/parallel/test-tls-client-allow-partial-trust-chain.js b/test/parallel/test-tls-client-allow-partial-trust-chain.js
@@ -10,35 +10,46 @@ const tls = require('tls');
 const fixtures = require('../common/fixtures');
 
 // agent6-cert.pem is signed by intermediate cert of ca3.
-// The server has a cert chain of agent6->ca3->ca1(root) but
-
-async function test() {
-  const server = tls.createServer({
-    ca: fixtures.readKey('ca3-cert.pem'),
-    key: fixtures.readKey('agent6-key.pem'),
-    cert: fixtures.readKey('agent6-cert.pem'),
-  }, (socket) => socket.resume());
-  server.listen(0);
-  await once(server, 'listening');
-
-  const opts = {
-    port: server.address().port,
-    ca: fixtures.readKey('ca3-cert.pem'),
-    checkServerIdentity() {}
-  };
-
-  // Connecting succeeds with allowPartialTrustChain: true
-  const client = tls.connect({ ...opts, allowPartialTrustChain: true });
-  await once(client, 'secureConnect');
-  client.destroy();
-
-  // Consistency check: Connecting fails without allowPartialTrustChain: true
-  await assert.rejects(async () => {
-    const client = tls.connect(opts);
-    await once(client, 'secureConnect');
-  }, { code: 'UNABLE_TO_GET_ISSUER_CERT' });
-
-  server.close();
-}
-
-test().catch((err) => process.nextTick(() => { throw err; }));
+// The server has a cert chain of agent6->ca3->ca1(root).
+
+const { it, beforeEach, afterEach, describe } = require('node:test');
+
+describe('allowPartialTrustChain', function() {
+  let server;
+  let client;
+  let opts;
+
+  beforeEach(async function() {
+    server = tls.createServer({
+      ca: fixtures.readKey('ca3-cert.pem'),
+      key: fixtures.readKey('agent6-key.pem'),
+      cert: fixtures.readKey('agent6-cert.pem'),
+    }, (socket) => socket.resume());
+    server.listen(0);
+    await once(server, 'listening');
+
+    opts = {
+      port: server.address().port,
+      ca: fixtures.readKey('ca3-cert.pem'),
+      checkServerIdentity() {}
+    };
+  });
+
+  afterEach(async function() {
+    client?.destroy();
+    server?.close();
+  });
+
+  it('can connect successfully with allowPartialTrustChain: true', async function() {
+    client = tls.connect({ ...opts, allowPartialTrustChain: true });
+    await once(client, 'secureConnect'); // Should not throw
+  });
+
+  it('fails without with allowPartialTrustChain: true for an intermediate cert in the CA', async function() {
+    // Consistency check: Connecting fails without allowPartialTrustChain: true
+    await assert.rejects(async () => {
+      const client = tls.connect(opts);
+      await once(client, 'secureConnect');
+    }, { code: 'UNABLE_TO_GET_ISSUER_CERT' });
+  });
+});
