authorBartek IwaƄczuk <biwanczuk@gmail.com>2024-08-13 17:12:45 +0100
committerGitHub <noreply@github.com>2024-08-13 16:12:45 +0000
commit25bb59d2ce83b03356a86013bb80107d29737b52 (patch)
treeb5a2750965385ad9a715b592ffc89109bf021cd8
parent39a21fd78eb6d9a13d46d108af35c58a3f550332 (diff)
fix(tls): print a warning if a system certificate can't be loaded (#25023)
This commit changes how system certificates are loaded on startup. Instead of hard erroring if a certificate can't be decoded, we now print a warning, dump a hex representation of the certificate, and continue execution. Ref https://github.com/denoland/deno/issues/24137
-rw-r--r--cli/args/mod.rs20
1 files changed, 13 insertions, 7 deletions
diff --git a/cli/args/mod.rs b/cli/args/mod.rs
index afad0528c..0f6f050ef 100644
--- a/cli/args/mod.rs
+++ b/cli/args/mod.rs
@@ -640,8 +640,6 @@ pub enum RootCertStoreLoadError {
UnknownStore(String),
#[error("Unable to add pem file to certificate store: {0}")]
FailedAddPemFile(String),
- #[error("Unable to add system certificate to certificate store: {0}")]
- FailedAddSystemCert(String),
#[error("Failed opening CA file: {0}")]
CaFileOpenError(String),
}
@@ -675,11 +673,19 @@ pub fn get_root_cert_store(
"system" => {
let roots = load_native_certs().expect("could not load platform certs");
for root in roots {
- root_cert_store
- .add(rustls::pki_types::CertificateDer::from(root.0))
- .map_err(|e| {
- RootCertStoreLoadError::FailedAddSystemCert(e.to_string())
- })?;
+ if let Err(err) = root_cert_store
+ .add(rustls::pki_types::CertificateDer::from(root.0.clone()))
+ {
+ log::error!(
+ "{}",
+ colors::yellow(&format!(
+ "Unable to add system certificate to certificate store: {:?}",
+ err
+ ))
+ );
+ let hex_encoded_root = faster_hex::hex_string(&root.0);
+ log::error!("{}", colors::gray(&hex_encoded_root));
+ }
}
}
_ => {
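Review bot: The new failure branch logs through `log::error!`, although the commit title and the yellow colouring both describe a warning, so the message and the full hex dump still appear when logging is restricted to errors; `log::warn!` for the message and a lower level such as `log::debug!` for the hex line would match the stated intent. `root.0.clone()` copies every certificate's DER bytes only so that the rare failure path can hex-encode them; if the `CertificateDer` type in use accepts a borrowed slice, `CertificateDer::from(root.0.as_slice())` avoids the copy. A short comment such as `// A root that fails to parse is skipped: the trust store can only shrink, never grow.` would record why continuing is acceptable here. `get_root_cert_store` starts and ends outside the hunk, and the `expect` on `load_native_certs()` is untouched, so a failure to read the platform store as a whole still panics.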