From e24519bfd342caebf5d9d68251cc72ca1e1df155 Mon Sep 17 00:00:00 2001
From: Antti Jaakkola
Date: Wed, 14 Jun 2017 17:15:43 +0300
Subject: [PATCH] node-https stub
---
stubs/node-https/README.md | 11 ++++++++++
stubs/node-https/results.txt | 39 ++++++++++++++++++++++++++++++++++++
stubs/node-https/run.js | 33 ++++++++++++++++++++++++++++++
3 files changed, 83 insertions(+)
create mode 100644 stubs/node-https/README.md
create mode 100644 stubs/node-https/results.txt
create mode 100644 stubs/node-https/run.js
diff --git a/stubs/node-https/README.md b/stubs/node-https/README.md
new file mode 100644
index 0000000..a21b583
--- /dev/null
+++ b/stubs/node-https/README.md
@@ -0,0 +1,11 @@
+## Get started
+
+### Install
+
+* node
+
+### Run
+
+```
+# node run.js [host] [port]
+```
\ No newline at end of file
diff --git a/stubs/node-https/results.txt b/stubs/node-https/results.txt
new file mode 100644
index 0000000..1443cfd
--- /dev/null
+++ b/stubs/node-https/results.txt
@@ -0,0 +1,39 @@
+platform: OS X 10.12.5
+runner: trytls 0.3.7 (CPython 3.5.2)
+stub: node stubs/node-https/run.js
+ PASS protect against Apple's TLS vulnerability CVE-2014-1266 [reject www.ssllabs.com:10443]
+ PASS protect against the FREAK attack [reject www.ssllabs.com:10444]
+ PASS protect against the Logjam attack [reject www.ssllabs.com:10445]
+ PASS support for TLS server name indication (SNI) [accept badssl.com:443]
+ PASS self-signed certificate [reject self-signed.badssl.com:443]
+ PASS expired certificate [reject expired.badssl.com:443]
+ PASS wrong hostname in certificate [reject wrong.host.badssl.com:443]
+ PASS SHA-256 signature algorithm [accept sha256.badssl.com:443]
+ PASS certificate with 1000 different Subject Alternative Names [accept 1000-sans.badssl.com:443]
+ PASS incomplete chain of trust [reject incomplete-chain.badssl.com:443]
+ PASS Superfish CA [reject superfish.badssl.com:443]
+ PASS eDellRoot CA [reject edellroot.badssl.com:443]
+ PASS DSDTestProvider CA [reject dsdtestprovider.badssl.com:443]
+ PASS untrusted root certificate [reject untrusted-root.badssl.com:443]
+ PASS denies use of RC4 ciphers (RFC 7465) [reject rc4.badssl.com:443]
+ PASS denies use of RC4 with MD5 ciphers [reject rc4-md5.badssl.com:443]
+ PASS denies use of null cipher [reject null.badssl.com:443]
+ PASS denies use of 480 bit Diffie-Hellman (DH) [reject dh480.badssl.com:443]
+ PASS denies use of 512 bit Diffie-Hellman (DH) [reject dh512.badssl.com:443]
+ PASS valid certificate Common Name [accept domain-match.badtls.io:10000]
+ PASS valid wildcard certificate Common Name [accept wildcard-match.badtls.io:10001]
+ PASS support for Subject Alternative Name (SAN) [accept san-match.badtls.io:10002]
+ PASS TLS handshake with 1024 bit Diffie-Hellman (DH) [accept dh1024.badtls.io:10005]
+ PASS certificate expired in year 1963 [reject expired-1963.badtls.io:11000]
+ PASS certificate validity starts in future [reject future.badtls.io:11001]
+ PASS mismatch in certificate's Common Name [reject domain-mismatch.badtls.io:11002]
+ PASS Subject Alternative Name (SAN) mismatch [reject san-mismatch.badtls.io:11003]
+ PASS certificate has invalid key usage for HTTPS connection [reject bad-key-usage.badtls.io:11005]
+ PASS expired certificate [reject expired.badtls.io:11006]
+ PASS invalid wildcard certificate Common Name [reject wildcard.mismatch.badtls.io:11007]
+ PASS denies use of RC4 ciphers (RFC 7465) [reject rc4.badtls.io:11008]
+ FAIL denies use of MD5 signature algorithm (RFC 6151) [reject weak-sig.badtls.io:11004]
+ PASS denies use of RC4 with MD5 ciphers [reject rc4-md5.badtls.io:11009]
+ PASS valid localhost certificate [accept localhost:]
+ PASS invalid localhost certificate [reject localhost:]
+ PASS use only the given CA bundle, not system's [reject sha256.badssl.com:443]
\ No newline at end of file
diff --git a/stubs/node-https/run.js b/stubs/node-https/run.js
new file mode 100644
index 0000000..8acea4f
--- /dev/null
+++ b/stubs/node-https/run.js
@@ -0,0 +1,33 @@
+var https = require('https');
+var fs = require('fs');
+
+var host = process.argv[2];
+var port = process.argv[3];
+var ca = process.argv[4];
+
+if (process.argv.length >= 6) {
+ console.log("UNSUPPORTED");
+ process.exit()
+}
+
+var options = {
+ host: host,
+ port: port,
+ path: '/',
+ method: 'GET'
+};
+
+if (ca !== undefined) {
+ options['ca'] = [ fs.readFileSync(ca) ];
+}
+
+options.agent = new https.Agent(options);
+
+https.get(options, (res) => {
+ res.setEncoding('utf8');
+ res.on('end', () => {
+ console.log("ACCEPT");
+ });
+}).on('error', (e) => {
+ console.error("REJECT");
+});
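Review bot: The `error` handler at the end of run.js prints REJECT for every failure, so a DNS lookup error or a refused connection is reported exactly like a certificate or handshake rejection, and a "reject" case can then pass without any TLS verification having taken place. Separating the two by `e.code` would keep the verdict honest, for example `if (e.code === 'ENOTFOUND' || e.code === 'ECONNREFUSED') { console.error(e.message); process.exit(1); }` ahead of the verdict line. REJECT is also written with `console.error` while ACCEPT and UNSUPPORTED go to stdout through `console.log`; how the runner collects output is not visible here, but `console.log("REJECT");` would keep all three verdicts on one stream. In the response callback, `end` is registered without anything consuming the body, and Node's http documentation asks for the data to be consumed when a response handler is attached, so adding `res.resume();` after `res.setEncoding('utf8');` would make ACCEPT independent of how the stream happens to drain.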