test: enable to work pkcs12 test in FIPS mode

The pfx file created by pkcs12 command of openssl causes an error in
FIPS mode because its certificate is encrypted with RC2 by default.
Adding `-descert` option resolves the error.

Fix: https://github.com/nodejs/node/pull/5144
Fix: https://github.com/nodejs/node/pull/5109
PR-URL: https://github.com/nodejs/node/pull/5150
Reviewed-By: Rich Trott <rtrott@gmail.com>

diff --git a/test/fixtures/keys/Makefile b/test/fixtures/keys/Makefile
index 1148e52..277734a 100644 (file)
--- a/test/fixtures/keys/Makefile
+++ b/test/fixtures/keys/Makefile
@@ -81,6 +81,7 @@ agent1-cert.pem: agent1-csr.pem ca1-cert.pem ca1-key.pem
 
 agent1-pfx.pem: agent1-cert.pem agent1-key.pem ca1-cert.pem
        openssl pkcs12 -export \
+               -descert \
                -in agent1-cert.pem \
                -inkey agent1-key.pem \
                -certfile ca1-cert.pem \

diff --git a/test/fixtures/keys/agent1-pfx.pem b/test/fixtures/keys/agent1-pfx.pem
index a36e746..b0395ee 100644 (file)
Binary files a/test/fixtures/keys/agent1-pfx.pem and b/test/fixtures/keys/agent1-pfx.pem differ

diff --git a/test/parallel/test-tls-pfx-gh-5100-regr.js b/test/parallel/test-tls-pfx-gh-5100-regr.js
index 29b8955..865ac2b 100644 (file)
--- a/test/parallel/test-tls-pfx-gh-5100-regr.js
+++ b/test/parallel/test-tls-pfx-gh-5100-regr.js
@@ -7,11 +7,6 @@ if (!common.hasCrypto) {
   return;
 }
 
-if (common.hasFipsCrypto) {
-  console.log('1..0 # Skipped: PFX does not work in FIPS mode');
-  return;
-}
-
 const assert = require('assert');
 const tls = require('tls');
 const fs = require('fs');