author | Luca Casonato <hello@lcas.dev> | 2021-09-30 09:26:15 +0200 |
committer | GitHub <noreply@github.com> | 2021-09-30 09:26:15 +0200 |
commit | 0d7a417f332a57fb3e89250a1ce250b929d0b2f7 (patch) | |
tree | 8f63043fcf6c5419d6d213a196c54a8b421e3d8b /ext/fetch/lib.rs | |
parent | 62920e4ef5bed131c125c4b8b5bdb8250584946f (diff) |
feat(tls): custom in memory CA certificates (#12219)
This adds support for using in memory CA certificates for
`Deno.startTLS`, `Deno.connectTLS` and `Deno.createHttpClient`.
`certFile` is deprecated in `startTls` and `connectTls`, and removed
from `Deno.createHttpClient`.
Diffstat (limited to 'ext/fetch/lib.rs')
-rw-r--r-- | ext/fetch/lib.rs | 40 |
1 files changed, 9 insertions, 31 deletions
diff --git a/ext/fetch/lib.rs b/ext/fetch/lib.rs
index 3085e7826..b422c2741 100644
--- a/ext/fetch/lib.rs
+++ b/ext/fetch/lib.rs
@@ -40,8 +40,6 @@ use serde::Serialize;
 use std::borrow::Cow;
 use std::cell::RefCell;
 use std::convert::From;
-use std::fs::File;
-use std::io::Read;
 use std::path::Path;
 use std::path::PathBuf;
 use std::pin::Pin;
@@ -87,7 +85,7 @@ pub fn init<P: FetchPermissions + 'static>(
 create_http_client(
 user_agent.clone(),
 root_cert_store.clone(),
- None,
+ vec![],
 proxy.clone(),
 unsafely_ignore_certificate_errors.clone(),
 client_cert_chain_and_key.clone(),
@@ -465,13 +463,10 @@ impl HttpClientResource {
 }
 }
 
-#[derive(Deserialize, Default, Debug)]
+#[derive(Deserialize, Debug)]
 #[serde(rename_all = "camelCase")]
-#[serde(default)]
 pub struct CreateHttpClientOptions {
- ca_stores: Option<Vec<String>>,
- ca_file: Option<String>,
- ca_data: Option<ByteString>,
+ ca_certs: Vec<String>,
 proxy: Option<Proxy>,
 cert_chain: Option<String>,
 private_key: Option<String>,
@@ -485,11 +480,6 @@ pub fn op_create_http_client<FP>(
 where
 FP: FetchPermissions + 'static,
 {
- if let Some(ca_file) = args.ca_file.clone() {
- let permissions = state.borrow_mut::<FP>();
- permissions.check_read(&PathBuf::from(ca_file))?;
- }
-
 if let Some(proxy) = args.proxy.clone() {
 let permissions = state.borrow_mut::<FP>();
 let url = Url::parse(&proxy.url)?;
@@ -512,13 +502,16 @@ where
 };
 let defaults = state.borrow::<HttpClientDefaults>();
 
- let cert_data =
- get_cert_data(args.ca_file.as_deref(), args.ca_data.as_deref())?;
+ let ca_certs = args
+ .ca_certs
+ .into_iter()
+ .map(|cert| cert.into_bytes())
+ .collect::<Vec<_>>();
 
 let client = create_http_client(
 defaults.user_agent.clone(),
 defaults.root_cert_store.clone(),
- cert_data,
+ ca_certs,
 args.proxy,
 defaults.unsafely_ignore_certificate_errors.clone(),
 client_cert_chain_and_key,
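Review bot: `ca_certs` on `CreateHttpClientOptions` (hunk 3) becomes a required, undocumented field: with `#[serde(default)]` dropped from the struct, an options object that omits `caCerts` now fails deserialization instead of yielding an empty list, and nothing states what the strings hold or that they go to the TLS layer unchecked. If the JS side always sends the array this is fine, but a field-level `#[serde(default)]` would keep the old tolerant behaviour at no cost. Add a doc comment on the field, e.g. `/// Caller-supplied CA certificates, passed to create_http_client as raw bytes (presumably PEM — confirm against the TLS layer); they are trusted for this client only.` In hunk 5 the closure `.map(|cert| cert.into_bytes())` can be written `.map(String::into_bytes)`.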
@@ -527,18 +520,3 @@ where
 let rid = state.resource_table.add(HttpClientResource::new(client));
 Ok(rid)
 }
-
-fn get_cert_data(
- ca_file: Option<&str>,
- ca_data: Option<&[u8]>,
-) -> Result<Option<Vec<u8>>, AnyError> {
- if let Some(ca_data) = ca_data {
- Ok(Some(ca_data.to_vec()))
- } else if let Some(ca_file) = ca_file {
- let mut buf = Vec::new();
- File::open(ca_file)?.read_to_end(&mut buf)?;
- Ok(Some(buf))
- } else {
- Ok(None)
- }
-}