crypto: add deprecated ValiCert CA for cross cert

Shigeki Ohtsu · Shigeki Ohtsu · commit d8c4a932c9a5 · 2015-03-13T20:18:54.000+09:00
The host of melissadata.net has a cross root certification between Starfield Class 2 and ValiCert Class 2. OpenSSL-1.0.1 only looks up a cert chain to the deprecated ValiCert Class 2 CA and causes untrusted error. We add it for a short-term remedy and it is to be removed after upgrading OpenSSSL-1.0.2 and applying private patches to support alternative cert chains. See #402 and #589. Fixes: #923 PR-URL: #1135 Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
diff --git a/src/node_root_certs.h b/src/node_root_certs.h
@@ -3911,3 +3911,22 @@
 "ie2uPAmvylezkolwQOQvT8Jwg0DXJCxr5wkf09XHwQj02w47HAcLQxGEIYbpgNR12KvxAmLB\n"
 "sX5VYc8T1yaw15zLKYs4SgsOkI26oQ==\n"
 "-----END CERTIFICATE-----\n",
+
+/* This root cert is 1024bit RSA to be removed in future. See GH-923. */
+/* ValiCert Class 2 VA */
+"-----BEGIN CERTIFICATE-----\n"
+"MIIC5zCCAlACAQEwDQYJKoZIhvcNAQEFBQAwgbsxJDAiBgNVBAcTG1ZhbGlDZXJ0IFZhbGlk\n"
+"YXRpb24gTmV0d29yazEXMBUGA1UEChMOVmFsaUNlcnQsIEluYy4xNTAzBgNVBAsTLFZhbGlD\n"
+"ZXJ0IENsYXNzIDIgUG9saWN5IFZhbGlkYXRpb24gQXV0aG9yaXR5MSEwHwYDVQQDExhodHRw\n"
+"Oi8vd3d3LnZhbGljZXJ0LmNvbS8xIDAeBgkqhkiG9w0BCQEWEWluZm9AdmFsaWNlcnQuY29t\n"
+"MB4XDTk5MDYyNjAwMTk1NFoXDTE5MDYyNjAwMTk1NFowgbsxJDAiBgNVBAcTG1ZhbGlDZXJ0\n"
+"IFZhbGlkYXRpb24gTmV0d29yazEXMBUGA1UEChMOVmFsaUNlcnQsIEluYy4xNTAzBgNVBAsT\n"
+"LFZhbGlDZXJ0IENsYXNzIDIgUG9saWN5IFZhbGlkYXRpb24gQXV0aG9yaXR5MSEwHwYDVQQD\n"
+"ExhodHRwOi8vd3d3LnZhbGljZXJ0LmNvbS8xIDAeBgkqhkiG9w0BCQEWEWluZm9AdmFsaWNl\n"
+"cnQuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDOOnHK5avIWZJV16vYdA757tn2\n"
+"VUdZZUcOBVXc65g2PFxTXdMwzzjsvUGJ7SVCCSRrCl6zfN1SLUzm1NZ9WlmpZdRJEy0kTRxQ\n"
+"b7XBhVQ7/nHk01xC+YDgkRoKWzk2Z/M/VXwbP7RfZHM047QSv4dk+NoS/zcnwbNDu+97bi5p\n"
+"9wIDAQABMA0GCSqGSIb3DQEBBQUAA4GBADt/UG9vUJSZSWI4OB9L+KXIPqeCgfYrx+jFzug6\n"
+"EILLGACOTb2oWH+heQC1u+mNr0HZDzTuIYEZoDJJKPTEjlbVUjP9UNV+mWwD5MlM/Mtsq2az\n"
+"SiGM5bUMMj4QssxsodyamEwCW/POuZ6lcg5Ktz885hZo+L7tdEy8W9ViH0Pd\n"
+"-----END CERTIFICATE-----\n",
diff --git a/test/internet/test-tls-connnect-melissadata.js b/test/internet/test-tls-connnect-melissadata.js
@@ -0,0 +1,7 @@
+// Test for authorized access to the server which has a cross root
+// certification between Starfield Class 2 and ValiCert Class 2
+var tls = require('tls');
+var socket = tls.connect(443, 'address.melissadata.net', function() {
+  socket.resume();
+  socket.destroy();
+});
