-rw-r--r--ext/tls/lib.rs11
-rw-r--r--tests/testdata/tls/README.md10
-rw-r--r--tests/testdata/tls/localhost_ecc.crt17
-rw-r--r--tests/testdata/tls/localhost_ecc.csr9
-rw-r--r--tests/testdata/tls/localhost_ecc.key5
-rw-r--r--tests/unit/tls_test.ts13
6 files changed, 65 insertions, 0 deletions
diff --git a/ext/tls/lib.rs b/ext/tls/lib.rs
index 9ed8a5a1f..be8cabadc 100644
--- a/ext/tls/lib.rs
+++ b/ext/tls/lib.rs
@@ -23,6 +23,7 @@ use rustls::PrivateKey;
use rustls::RootCertStore;
use rustls::ServerName;
use rustls_pemfile::certs;
+use rustls_pemfile::ec_private_keys;
use rustls_pemfile::pkcs8_private_keys;
use rustls_pemfile::rsa_private_keys;
use serde::Deserialize;
@@ -290,6 +291,12 @@ fn load_rsa_keys(mut bytes: &[u8]) -> Result<Vec<PrivateKey>, AnyError> {
Ok(keys.into_iter().map(PrivateKey).collect())
}
+/// Starts with -----BEGIN EC PRIVATE KEY-----
+fn load_ec_keys(mut bytes: &[u8]) -> Result<Vec<PrivateKey>, AnyError> {
+ let keys = ec_private_keys(&mut bytes).map_err(|_| key_decode_err())?;
+ Ok(keys.into_iter().map(PrivateKey).collect())
+}
+
/// Starts with -----BEGIN PRIVATE KEY-----
fn load_pkcs8_keys(mut bytes: &[u8]) -> Result<Vec<PrivateKey>, AnyError> {
let keys = pkcs8_private_keys(&mut bytes).map_err(|_| key_decode_err())?;
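Review bot: The doc comment on `load_ec_keys` gives only the PEM label, so a reader cannot tell which EC encodings are routed here and which are not. I would spell it out, for example `/// Loads SEC1 (RFC 5915) EC keys: PEM blocks starting with -----BEGIN EC PRIVATE KEY-----. PKCS#8-wrapped EC keys go through load_pkcs8_keys.` The `map_err(|_| key_decode_err())` also discards the parser's error, as the sibling loaders do, which makes a malformed key file harder to diagnose. Keeping the cause would help if `key_decode_err` can carry one; its definition is outside this hunk.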
@@ -315,6 +322,10 @@ pub fn load_private_keys(bytes: &[u8]) -> Result<Vec<PrivateKey>, AnyError> {
}
if keys.is_empty() {
+ keys = load_ec_keys(bytes)?;
+ }
+
+ if keys.is_empty() {
return Err(key_not_found_err());
}
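Review bot: The new EC fallback runs only when the earlier loaders returned nothing, so a PEM file that holds both an `EC PRIVATE KEY` block and a key in one of the earlier formats appears to ignore the EC key silently. If that precedence is intended, a comment above the chain would make it explicit, e.g. `// Formats are tried in order; the first one that yields any key wins and later formats are not read.` A key that does not match the configured certificate is then presumably reported later, when the TLS config is built, rather than here. `load_private_keys` starts and ends outside this hunk, so the earlier steps are inferred from the repeated `keys.is_empty()` pattern.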
diff --git a/tests/testdata/tls/README.md b/tests/testdata/tls/README.md
index 19bbaec35..721ecbc32 100644
--- a/tests/testdata/tls/README.md
+++ b/tests/testdata/tls/README.md
@@ -38,6 +38,14 @@ openssl x509 -req -sha256 -days 36135 -in localhost.csr -CA RootCA.pem -CAkey Ro
Note that the country / state / city / name in the first command can be
customized.
+Generate localhost_ecc.key, localhost_ecc.csr, and localhost_ecc.crt:
+
+```shell
+openssl ecparam -genkey -name prime256v1 -noout --out localhost_ecc.key
+openssl req -new -key localhost_ecc.key -out localhost_ecc.csr -subj "/C=US/ST=YourState/L=YourCity/O=Example-Certificates/CN=localhost.local"
+openssl x509 -req -sha256 -days 36135 -in localhost_ecc.csr -CA RootCA.pem -CAkey RootCA.key -CAcreateserial -extfile domains.txt -out localhost_ecc.crt
+```
+
For testing purposes we need following files:
- `RootCA.crt`
@@ -45,3 +53,5 @@ For testing purposes we need following files:
- `RootCA.pem`
- `localhost.crt`
- `localhost.key`
+- `localhost_ecc.crt`
+- `localhost_ecc.key`
diff --git a/tests/testdata/tls/localhost_ecc.crt b/tests/testdata/tls/localhost_ecc.crt
new file mode 100644
index 000000000..b9393b93e
--- /dev/null
+++ b/tests/testdata/tls/localhost_ecc.crt
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/tests/testdata/tls/localhost_ecc.csr b/tests/testdata/tls/localhost_ecc.csr
new file mode 100644
index 000000000..646c12034
--- /dev/null
+++ b/tests/testdata/tls/localhost_ecc.csr
@@ -0,0 +1,9 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIBKDCBzwIBADBtMQswCQYDVQQGEwJVUzESMBAGA1UECAwJWW91clN0YXRlMREw
+DwYDVQQHDAhZb3VyQ2l0eTEdMBsGA1UECgwURXhhbXBsZS1DZXJ0aWZpY2F0ZXMx
+GDAWBgNVBAMMD2xvY2FsaG9zdC5sb2NhbDBZMBMGByqGSM49AgEGCCqGSM49AwEH
+A0IABNY4AtyDPPgts2KSGNUamQ4JSZHw1qGN8XD2k0G7JmdpNyN94Z+I9pXSJCq9
+O5CeYv59MHDw8rHOUoanOyh1BpagADAKBggqhkjOPQQDAgNIADBFAiBhQS10Z4WC
+nWEeW1WW1JjFSEZLnM/+SwFRnd5qi4XDOgIhAKANBw+FekrP0NppVCLN/RC7DTra
+jFvKH2rUuewC6iXR
+-----END CERTIFICATE REQUEST-----
diff --git a/tests/testdata/tls/localhost_ecc.key b/tests/testdata/tls/localhost_ecc.key
new file mode 100644
index 000000000..f1efd4b07
--- /dev/null
+++ b/tests/testdata/tls/localhost_ecc.key
@@ -0,0 +1,5 @@
+-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEILL8H0x2ZP/ZZ+CwmKLS/zRleO7k7NBgWH0P767zYvlVoAoGCCqGSM49
+AwEHoUQDQgAE1jgC3IM8+C2zYpIY1RqZDglJkfDWoY3xcPaTQbsmZ2k3I33hn4j2
+ldIkKr07kJ5i/n0wcPDysc5Shqc7KHUGlg==
+-----END EC PRIVATE KEY-----
diff --git a/tests/unit/tls_test.ts b/tests/unit/tls_test.ts
index 84c5e0f30..81d8de315 100644
--- a/tests/unit/tls_test.ts
+++ b/tests/unit/tls_test.ts
@@ -1633,3 +1633,16 @@ Deno.test(
}, Deno.errors.InvalidData);
},
);
+
+Deno.test(
+ { permissions: { net: true, read: true } },
+ function listenTLSEcKey() {
+ const listener = Deno.listenTls({
+ hostname: "localhost",
+ port: 0,
+ certFile: "tests/testdata/tls/localhost_ecc.crt",
+ keyFile: "tests/testdata/tls/localhost_ecc.key",
+ });
+ listener.close();
+ },
+);
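Review bot: `listenTLSEcKey` opens the listener and closes it straight away, so it shows only that the SEC1 key file is parsed and accepted at listen time; no TLS handshake ever uses the key. A key that loads but cannot sign for `localhost_ecc.crt` would still pass. I would make the test async and complete one handshake against the listener, trusting `RootCA.pem` on the client side. The sketch below assumes `domains.txt` lists `localhost` as a SAN, which this page does not show.

```typescript
  async function listenTLSEcKey() {
    const listener = Deno.listenTls({
      // … unchanged: hostname, port, certFile, keyFile …
    });
    const { port } = listener.addr as Deno.NetAddr;
    const caCert = await Deno.readTextFile("tests/testdata/tls/RootCA.pem");
    const [server, client] = await Promise.all([
      listener.accept(),
      Deno.connectTls({ hostname: "localhost", port, caCerts: [caCert] }),
    ]);
    // Completes only if the ECDSA key actually signs for the served certificate.
    await Promise.all([server.handshake(), client.handshake()]);
    client.close();
    server.close();
    listener.close();
  },
```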