feat: stabilize Deno.startTls (#12581)

This commit stabilizes `Deno.startTls` and removes `certFile` from the
`StartTlsOptions`.

2 files changed, 1 insertions, 57 deletions

diff --git a/cli/dts/lib.deno.unstable.d.ts b/cli/dts/lib.deno.unstable.d.ts
index 5a570d005..c2014bc18 100644
--- a/cli/dts/lib.deno.unstable.d.ts
+++ b/cli/dts/lib.deno.unstable.d.ts
@@ -1093,45 +1093,6 @@ declare namespace Deno {
    */
   export function connectTls(options: ConnectTlsOptions): Promise<TlsConn>;
 
-  export interface StartTlsOptions {
-    /** A literal IP address or host name that can be resolved to an IP address.
-     * If not specified, defaults to `127.0.0.1`. */
-    hostname?: string;
-    /**
-     * @deprecated This option is deprecated and will be removed in a future
-     * release.
-     *
-     * Server certificate file.
-     */
-    certFile?: string;
-    /** A list of root certificates that will be used in addition to the
-     * default root certificates to verify the peer's certificate.
-     *
-     * Must be in PEM format. */
-    caCerts?: string[];
-  }
-
-  /** **UNSTABLE**: new API, yet to be vetted.
-   *
-   * Start TLS handshake from an existing connection using
-   * an optional cert file, hostname (default is "127.0.0.1"). Specifying CA
-   * certs is optional. By default the configured root certificates are used.
-   * Using this function requires that the other end of the connection is
-   * prepared for TLS handshake.
-   *
-   * ```ts
-   * const conn = await Deno.connect({ port: 80, hostname: "127.0.0.1" });
-   * const caCert = await Deno.readTextFile("./certs/my_custom_root_CA.pem");
-   * const tlsConn = await Deno.startTls(conn, { caCerts: [caCert], hostname: "localhost" });
-   * ```
-   *
-   * Requires `allow-net` permission.
-   */
-  export function startTls(
-    conn: Conn,
-    options?: StartTlsOptions,
-  ): Promise<TlsConn>;
-
   export interface ListenTlsOptions {
     /** **UNSTABLE**: new API, yet to be vetted.
      *
diff --git a/cli/tests/unit/tls_test.ts b/cli/tests/unit/tls_test.ts
index c66f958d0..fb8888be4 100644
--- a/cli/tests/unit/tls_test.ts
+++ b/cli/tests/unit/tls_test.ts
@@ -1107,23 +1107,6 @@ unitTest(
 
 unitTest(
   { permissions: { read: true, net: true } },
-  async function startTLSCertFile() {
-    const plainConn = await Deno.connect({
-      hostname: "localhost",
-      port: 4557,
-    });
-    const conn = await Deno.startTls(plainConn, {
-      hostname: "localhost",
-      certFile: "cli/tests/testdata/tls/RootCA.pem",
-    });
-    const result = decoder.decode(await readAll(conn));
-    assertEquals(result, "PASS");
-    conn.close();
-  },
-);
-
-unitTest(
-  { permissions: { read: true, net: true } },
   async function tlsHandshakeSuccess() {
     const hostname = "localhost";
     const port = getPort();
@@ -1235,7 +1218,7 @@ unitTest(
       const tcpConn = await Deno.connect({ hostname, port });
       const tlsConn = await Deno.startTls(tcpConn, {
         hostname: "foo.land",
-        certFile: "cli/tests/testdata/tls/RootCA.crt",
+        caCerts: [Deno.readTextFileSync("cli/tests/testdata/tls/RootCA.pem")],
       });
       // Handshake fails because hostname doesn't match the certificate.
       await assertRejects(