Skip to content

Commit

Permalink
chore: add test for altname mismatch
Browse files Browse the repository at this point in the history
  • Loading branch information
@jackwotherspoon
jackwotherspoon committed Sep 30, 2024
1 parent a91a1c5 commit c1bfd67
Showing 1 changed file with 23 additions and 0 deletions.
23 changes: 23 additions & 0 deletions test/socket.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -101,3 +101,26 @@ t.test('validateCertificate mismatch', async t => {
'should return a missing cert to verify error'
);
});

t.test('validateCertificate mismatch CAS CA', async t => {
const cert = {
subjectaltname: 'DNS:abcde.12345.us-central1.sql.goog',
} as tls.PeerCertificate;
t.match(
validateCertificate(
{
projectId: 'my-project',
regionId: 'region-id',
instanceId: 'my-instance',
},
'GOOGLE_MANAGED_CAS_CA',
'bad.dns.us-central1.sql.goog'
)('hostname', cert),
{
message:
"Hostname/IP does not match certificate's altnames: Host: bad.dns.us-central1.sql.goog. is not in the cert's altnames: DNS:abcde.12345.us-central1.sql.goog",
code: 'ERR_TLS_CERT_ALTNAME_INVALID',
},
'should return an invalid altname error'
);
});

0 comments on commit c1bfd67

Please sign in to comment.