Merge pull request #123 from pontusmelke/1.0-handle-multiple-ca

Properly handle multiple trusted certs

Author: oskarhane

src/v1/internal/ch-node.js

@@ -116,7 +116,7 @@ const TrustStrategy = {
     }
 
     let tlsOpts = {
-      ca: opts.trustedCertificates.map(fs.readFileSync),
+      ca: opts.trustedCertificates.map((f) => fs.readFileSync(f)),
       // Because we manually check for this in the connect callback, to give
       // a more helpful error to the user
       rejectUnauthorized: false
@@ -129,7 +129,7 @@ const TrustStrategy = {
           " using `neo4j.v1.driver(.., { trustedCertificates:['path/to/certificate.crt']}). This " +
           " is a security measure to protect against man-in-the-middle attacks. If you are just trying " +
           " Neo4j out and are not concerned about encryption, simply disable it using `encrypted=false` in the driver" +
-          " options."));
+          " options. Socket responded with: " + socket.authorizationError));
       } else {
         onSuccess();
       }

test/internal/tls.test.js

@@ -65,6 +65,24 @@ describe('trust-signed-certificates', function() {
     driver.session().run( "RETURN 1").then( done );
   });
 
+  it('should handle multiple certificates', function(done) {
+    // Assuming we only run this test on NodeJS with TOFU support
+    if( !NodeChannel.available ) {
+      done();
+      return;
+    }
+
+    // Given
+    driver = neo4j.driver("bolt://localhost", neo4j.auth.basic("neo4j", "neo4j"), {
+      encrypted: true,
+      trust: "TRUST_SIGNED_CERTIFICATES",
+      trustedCertificates: ["build/neo4j/certificates/neo4j.cert", "test/resources/random.certificate"]
+    });
+
+    // When
+    driver.session().run( "RETURN 1").then( done );
+  });
+
   afterEach(function(){
     if( driver ) {
       driver.close();

test/v1/tck/steps/tlssteps.js

@@ -76,7 +76,7 @@ module.exports = function () {
       "to store this information by setting `knownHosts` to another path in your driver configuration - " +
       "and you can disable encryption there as well using `encrypted:false`.";
     if (this.error.message !== expected) {
-      callback(new Error("Given and expected results does not match: " + this.error.message + " Expected " + expected));
+      callback(new Error("Given and expected results does not match: " + this.error.message + " Expected: " + expected));
     } else {
       callback();
     }
@@ -155,7 +155,7 @@ module.exports = function () {
       "certificate, or the server certificate, to the list of certificates trusted by this driver using " +
       "`neo4j.v1.driver(.., { trustedCertificates:['path/to/certificate.crt']}). This  is a security measure to protect " +
       "against man-in-the-middle attacks. If you are just trying  Neo4j out and are not concerned about encryption, " +
-      "simply disable it using `encrypted=false` in the driver options.";
+      "simply disable it using `encrypted=false` in the driver options. Socket responded with: DEPTH_ZERO_SELF_SIGNED_CERT";
     if (this.error.message !== expected) {
       callback(new Error("Given and expected results does not match: " + this.error.message + " Expected " + expected));
     } else {