author | Luca Casonato <hello@lcas.dev> | 2021-09-30 09:26:15 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-09-30 09:26:15 +0200 |
commit | 0d7a417f332a57fb3e89250a1ce250b929d0b2f7 (patch) | |
tree | 8f63043fcf6c5419d6d213a196c54a8b421e3d8b /ext/net/ops_tls.rs | |
parent | 62920e4ef5bed131c125c4b8b5bdb8250584946f (diff) |
feat(tls): custom in memory CA certificates (#12219)
This adds support for using in memory CA certificates for
`Deno.startTls`, `Deno.connectTls` and `Deno.createHttpClient`.
`certFile` is deprecated in `startTls` and `connectTls`, and removed
from `Deno.createHttpClient`.
Diffstat (limited to 'ext/net/ops_tls.rs')
-rw-r--r-- | ext/net/ops_tls.rs | 40 |
1 files changed, 24 insertions, 16 deletions
diff --git a/ext/net/ops_tls.rs b/ext/net/ops_tls.rs
index 17367af54..d6618440f 100644
--- a/ext/net/ops_tls.rs
+++ b/ext/net/ops_tls.rs
@@ -649,6 +649,7 @@ pub struct ConnectTlsArgs {
 hostname: String,
 port: u16,
 cert_file: Option<String>,
+ ca_certs: Vec<String>,
 cert_chain: Option<String>,
 private_key: Option<String>,
 }
@@ -658,6 +659,7 @@ pub struct ConnectTlsArgs {
 struct StartTlsArgs {
 rid: ResourceId,
 cert_file: Option<String>,
+ ca_certs: Vec<String>,
 hostname: String,
 }
 
@@ -685,13 +687,16 @@ where
 }
 }
 
- let ca_data = match cert_file {
- Some(path) => {
- let mut buf = Vec::new();
- File::open(path)?.read_to_end(&mut buf)?;
- Some(buf)
- }
- _ => None,
+ let mut ca_certs = args
+ .ca_certs
+ .into_iter()
+ .map(|s| s.into_bytes())
+ .collect::<Vec<_>>();
+
+ if let Some(path) = cert_file {
+ let mut buf = Vec::new();
+ File::open(path)?.read_to_end(&mut buf)?;
+ ca_certs.push(buf);
 };
 
 let hostname_dns = DNSNameRef::try_from_ascii_str(hostname)
@@ -724,7 +729,7 @@ where
 
 let tls_config = Arc::new(create_client_config(
 root_cert_store,
- ca_data,
+ ca_certs,
 unsafely_ignore_certificate_errors,
 )?);
 let tls_stream =
@@ -786,13 +791,16 @@ where
 }
 }
 
- let ca_data = match cert_file {
- Some(path) => {
- let mut buf = Vec::new();
- File::open(path)?.read_to_end(&mut buf)?;
- Some(buf)
- }
- _ => None,
+ let mut ca_certs = args
+ .ca_certs
+ .into_iter()
+ .map(|s| s.into_bytes())
+ .collect::<Vec<_>>();
+
+ if let Some(path) = cert_file {
+ let mut buf = Vec::new();
+ File::open(path)?.read_to_end(&mut buf)?;
+ ca_certs.push(buf);
 };
 
 let root_cert_store = state
@@ -812,7 +820,7 @@ where
 let remote_addr = tcp_stream.peer_addr()?;
 let mut tls_config = create_client_config(
 root_cert_store,
- ca_data,
+ ca_certs,
 unsafely_ignore_certificate_errors,
 )?;
 |
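Review bot: The new `ca_certs: Vec<String>` field on `ConnectTlsArgs` (and the identical one on `StartTlsArgs` in the `@@ -658,6 +659,7 @@` hunk) has no default, so if these structs are deserialized from the op payload — the derive attributes, if any, sit above the hunk and are not visible here — a caller that omits the key now fails deserialization instead of receiving an empty list. Since `certFile` is kept as a deprecated alternative, an absent list is a legitimate input, and `#[serde(default)] ca_certs: Vec<String>,` would keep older callers working. Whether every JS caller already sends the key cannot be confirmed from this hunk.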
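Review bot: The `};` that closes the new `if let Some(path) = cert_file { … }` block is a leftover from the removed `match` statement; on an `if let` block the trailing semicolon is an empty statement that trips rustc's `redundant_semicolons` warning, so it should be a bare `}`. The same ten lines, stray semicolon included, are repeated verbatim in the `@@ -786,13 +791,16 @@` hunk; both paths build the same `Vec<Vec<u8>>` from the in-memory PEM strings plus the optional file before handing it to `create_client_config`, so a small helper keeps the file read and the ordering (in-memory entries first, file contents last) in one place. The helper returns `io::Result` so both call sites keep their existing `?`; the enclosing functions start and end outside these hunks, so the exact type of `cert_file` is assumed to be path-like.
```rust
/// Collects the CA certificates supplied for this connection as PEM bytes, in
/// the order `create_client_config` receives them: the in-memory entries from
/// the op args first, then the contents of the (deprecated) `cert_file`.
fn collect_ca_certs(
  ca_certs: Vec<String>,
  cert_file: Option<impl AsRef<std::path::Path>>,
) -> std::io::Result<Vec<Vec<u8>>> {
  let mut certs: Vec<Vec<u8>> =
    ca_certs.into_iter().map(String::into_bytes).collect();
  if let Some(path) = cert_file {
    let mut buf = Vec::new();
    File::open(path)?.read_to_end(&mut buf)?;
    certs.push(buf);
  }
  Ok(certs)
}

// … unchanged: earlier argument handling in both ops …
// replaces the `let mut ca_certs = args …` / `if let Some(path) = cert_file …` lines in both hunks
let ca_certs = collect_ca_certs(args.ca_certs, cert_file)?;
```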