Diffstat (limited to 'extensions/net')
-rw-r--r-- | extensions/net/lib.rs | 13 | ||||
-rw-r--r-- | extensions/net/ops_tls.rs | 14 |
2 files changed, 26 insertions, 1 deletions
diff --git a/extensions/net/lib.rs b/extensions/net/lib.rs index f3281a2fb..11d0b4493 100644 --- a/extensions/net/lib.rs +++ b/extensions/net/lib.rs @@ -88,12 +88,22 @@ pub fn get_unstable_declaration() -> PathBuf { PathBuf::from(env!("CARGO_MANIFEST_DIR")).join("lib.deno_net.unstable.d.ts") } -pub fn init<P: NetPermissions + 'static>(unstable: bool) -> Extension { +#[derive(Clone)] +pub struct DefaultTlsOptions { + pub ca_data: Option<Vec<u8>>, +} + +pub fn init<P: NetPermissions + 'static>( + ca_data: Option<Vec<u8>>, + unstable: bool, +) -> Extension { let mut ops_to_register = vec![]; ops_to_register.extend(io::init()); ops_to_register.extend(ops::init::<P>()); ops_to_register.extend(ops_tls::init::<P>()); + let default_tls_options = DefaultTlsOptions { ca_data }; + Extension::builder() .js(include_js_files!( prefix "deno:extensions/net", @@ -103,6 +113,7 @@ pub fn init<P: NetPermissions + 'static>(unstable: bool) -> Extension { )) .ops(ops_to_register) .state(move |state| { + state.put(default_tls_options.clone()); state.put(UnstableChecker { unstable }); Ok(()) }) diff --git a/extensions/net/ops_tls.rs b/extensions/net/ops_tls.rs index 092c74a69..a082f7f62 100644 --- a/extensions/net/ops_tls.rs +++ b/extensions/net/ops_tls.rs @@ -10,6 +10,7 @@ use crate::ops::OpAddr; use crate::ops::OpConn; use crate::resolve_addr::resolve_addr; use crate::resolve_addr::resolve_addr_sync; +use crate::DefaultTlsOptions; use crate::NetPermissions; use deno_core::error::bad_resource; use deno_core::error::bad_resource_id; @@ -60,6 +61,7 @@ use std::convert::From; use std::fs::File; use std::io; use std::io::BufReader; +use std::io::Cursor; use std::io::ErrorKind; use std::ops::Deref; use std::ops::DerefMut; @@ -702,6 +704,7 @@ where }; let cert_file = args.cert_file.as_deref(); + let default_tls_options; { super::check_unstable2(&state, "Deno.startTls"); let mut s = state.borrow_mut(); 
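Review bot: The new public field `DefaultTlsOptions::ca_data` has no doc comment, and nothing at the `init` boundary says what bytes it expects or how they affect trust. Judging from the ops_tls.rs hunks, where it is passed to `add_pem_file` right after `add_server_trust_anchors(&webpki_roots::TLS_SERVER_ROOTS)`, it is PEM text whose certificates are trusted in addition to the bundled roots rather than instead of them. Embedders should see that trust decision written down, for example `/// PEM-encoded CA certificates trusted in addition to the bundled webpki roots by the TLS ops in this extension.` above the field. Since `init` is where the bytes enter the extension, it is also the natural place to parse them once and reject a malformed bundle before any op runs.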
@@ -710,6 +713,7 @@ where if let Some(path) = cert_file { permissions.check_read(Path::new(path))?; } + default_tls_options = s.borrow::<DefaultTlsOptions>().clone(); } let hostname_dns = DNSNameRef::try_from_ascii_str(hostname) @@ -733,6 +737,10 @@ where tls_config .root_store .add_server_trust_anchors(&webpki_roots::TLS_SERVER_ROOTS); + if let Some(ca_data) = default_tls_options.ca_data { + let reader = &mut Cursor::new(ca_data); + tls_config.root_store.add_pem_file(reader).unwrap(); + }; if let Some(path) = cert_file { let key_file = File::open(path)?; let reader = &mut BufReader::new(key_file); @@ -779,6 +787,7 @@ where let port = args.port; let cert_file = args.cert_file.as_deref(); + let default_tls_options; { let mut s = state.borrow_mut(); let permissions = s.borrow_mut::<NP>(); @@ -786,6 +795,7 @@ where if let Some(path) = cert_file { permissions.check_read(Path::new(path))?; } + default_tls_options = s.borrow::<DefaultTlsOptions>().clone(); } let hostname_dns = DNSNameRef::try_from_ascii_str(hostname) @@ -804,6 +814,10 @@ where tls_config .root_store .add_server_trust_anchors(&webpki_roots::TLS_SERVER_ROOTS); + if let Some(ca_data) = default_tls_options.ca_data { + let reader = &mut Cursor::new(ca_data); + tls_config.root_store.add_pem_file(reader).unwrap(); + }; if let Some(path) = cert_file { let key_file = File::open(path)?; let reader = &mut BufReader::new(key_file); |
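Review bot: `s.borrow::<DefaultTlsOptions>().clone()` deep-copies the whole CA bundle on every call, because the struct owns a `Vec<u8>`. The hunk at -786 does the same, and the PEM is then re-parsed for each connection. Declaring the field in lib.rs as `pub ca_data: Option<Arc<[u8]>>,` would make the per-call clone a reference-count bump while `Cursor::new(ca_data)` keeps working. Storing already-parsed roots in the op state would avoid the repeated parse as well. The enclosing function starts and ends outside this hunk, so the cost of the rest of the path is not visible here.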
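Review bot: `tls_config.root_store.add_pem_file(reader).unwrap();` in the hunk at -733 panics the whole runtime from inside an op when the configured CA data is not parseable PEM. The same line appears again in the hunk at -804. The surrounding code already propagates failures with `?` (`File::open(path)?`, `check_read(...)?`), so this should return an error instead, for example `tls_config.root_store.add_pem_file(reader).map_err(|_| custom_error("InvalidData", "Unable to add CA data to certificate store"))?;`, assuming `deno_core::error::custom_error` is in scope in this file. The success value is also discarded; if it reports how many certificates were accepted and skipped, as it appears to, a bundle that yields zero valid anchors is silently treated as success and the operator's intended CA is never trusted. Checking that count, ideally once at `init`, makes the misconfiguration visible early.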