// Certs in NODE_EXTRA_CA_CERTS are used for TLS peer validation

'use strict';
const common = require('../common');

if (!common.hasCrypto) {
  common.skip('missing crypto');
  return;
}

const assert = require('assert');
const tls = require('tls');
const fork = require('child_process').fork;
const fs = require('fs');

if (process.env.CHILD) {
  const copts = {
    port: process.env.PORT,
    checkServerIdentity: common.noop,
  };
  const client = tls.connect(copts, function() {
    client.end('hi');
  });
  return;
}

const options = {
  key: fs.readFileSync(common.fixturesDir + '/keys/agent1-key.pem'),
  cert: fs.readFileSync(common.fixturesDir + '/keys/agent1-cert.pem'),
};

const server = tls.createServer(options, function(s) {
  s.end('bye');
  server.close();
}).listen(0, common.mustCall(function() {
  const env = {
    CHILD: 'yes',
    PORT: this.address().port,
    NODE_EXTRA_CA_CERTS: common.fixturesDir + '/keys/ca1-cert.pem',
  };

  fork(__filename, {env: env}).on('exit', common.mustCall(function(status) {
    assert.strictEqual(status, 0, 'client did not succeed in connecting');
  }));
}));