author | Ryan Dahl <ry@tinyclouds.org> | 2021-12-06 18:48:11 -0500 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-12-07 00:48:11 +0100 |
commit | a2f1357fe81fe212451567cc433c0e6b4a85edc5 (patch) | |
tree | 1e4267d9f6e6bb3ddbdf030b4d6d1c547a33b6be /cli/proc_state.rs | |
parent | b91e6fd02f61ea34881226bc4b202e38ed75123e (diff) |
chore: upgrade to rustls 0.20 (#12488)
Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
Co-authored-by: Bert Belder <bertbelder@gmail.com>
Diffstat (limited to 'cli/proc_state.rs')
-rw-r--r-- | cli/proc_state.rs | 38 |
1 files changed, 29 insertions, 9 deletions
diff --git a/cli/proc_state.rs b/cli/proc_state.rs
index be3213a62..220138e6f 100644
--- a/cli/proc_state.rs
+++ b/cli/proc_state.rs
@@ -38,9 +38,11 @@ use deno_graph::MediaType;
 use deno_graph::ModuleGraphError;
 use deno_graph::Range;
 use deno_runtime::deno_broadcast_channel::InMemoryBroadcastChannel;
+use deno_runtime::deno_tls::rustls;
 use deno_runtime::deno_tls::rustls::RootCertStore;
 use deno_runtime::deno_tls::rustls_native_certs::load_native_certs;
-use deno_runtime::deno_tls::webpki_roots::TLS_SERVER_ROOTS;
+use deno_runtime::deno_tls::rustls_pemfile;
+use deno_runtime::deno_tls::webpki_roots;
 use deno_runtime::deno_web::BlobStore;
 use deno_runtime::inspector_server::InspectorServer;
 use deno_runtime::permissions::Permissions;
@@ -206,13 +208,24 @@ impl ProcState {
 for store in ca_stores.iter() {
 match store.as_str() {
 "mozilla" => {
- root_cert_store.add_server_trust_anchors(&TLS_SERVER_ROOTS);
+ root_cert_store.add_server_trust_anchors(
+ webpki_roots::TLS_SERVER_ROOTS.0.iter().map(|ta| {
+ rustls::OwnedTrustAnchor::from_subject_spki_name_constraints(
+ ta.subject,
+ ta.spki,
+ ta.name_constraints,
+ )
+ }),
+ );
 }
 "system" => {
- let roots = load_native_certs()
- .expect("could not load platform certs")
- .roots;
- root_cert_store.roots.extend(roots);
+ let roots =
+ load_native_certs().expect("could not load platform certs");
+ for root in roots {
+ root_cert_store
+ .add(&rustls::Certificate(root.0))
+ .expect("Failed to add platform cert to root cert store");
+ }
 }
 _ => {
 return Err(anyhow!("Unknown certificate store \"{}\" specified (allowed: \"system,mozilla\")", store));
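Review bot: In the `"system"` arm, `.expect("Failed to add platform cert to root cert store")` turns any single certificate that `RootCertStore::add` rejects into a process panic, so one unparsable entry in the OS trust store would abort startup instead of simply being left out of the trust set. The same `match` already returns `Err(anyhow!(...))` for an unknown store name, so a panic is not needed on this path. The third hunk of this commit already uses the tolerant API, so the loop could become `let ders: Vec<Vec<u8>> = roots.into_iter().map(|c| c.0).collect();` followed by `let (_added, ignored) = root_cert_store.add_parsable_certificates(&ders);`, with a non-zero `ignored` logged (this assumes `root.0` is the DER `Vec<u8>`, as the `rustls::Certificate(root.0)` wrapping suggests). Skipping a bad root only shrinks the trust set, so the behaviour stays fail-closed. The enclosing function starts and ends outside the hunk.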
@@ -225,9 +238,16 @@ impl ProcState {
 let certfile = File::open(&ca_file)?;
 let mut reader = BufReader::new(certfile);
- // This function does not return specific errors, if it fails give a generic message.
- if let Err(_err) = root_cert_store.add_pem_file(&mut reader) {
- return Err(anyhow!("Unable to add pem file to certificate store"));
+ match rustls_pemfile::certs(&mut reader) {
+ Ok(certs) => {
+ root_cert_store.add_parsable_certificates(&certs);
+ }
+ Err(e) => {
+ return Err(anyhow!(
+ "Unable to add pem file to certificate store: {}",
+ e
+ ));
+ }
 }
 } |
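Review bot: The result of `root_cert_store.add_parsable_certificates(&certs)` in the `Ok(certs)` arm is discarded, so a CA file that yields no usable certificate (empty, no certificate sections, or entries the parser rejects) is accepted silently. The misconfiguration would then only surface later as an untrusted-issuer failure on the first TLS connection, which is much harder to trace back to the file. The call returns the counts of added and ignored certificates, so binding them with `let (added, ignored) = root_cert_store.add_parsable_certificates(&certs);` and returning `Err(anyhow!("No valid certificates found in CA file"))` when `added == 0` would keep the error at startup; a warning when `ignored > 0` is worth considering too. The enclosing `if` block and function begin outside the hunk.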