From 02c74fb70970fcadb7d1e6dab857eeb2cea20e09 Mon Sep 17 00:00:00 2001 From: Justin Chase Date: Sat, 7 Aug 2021 07:49:38 -0500 Subject: feat(tls): Optionally support loading native certs (#11491) This commit adds "DENO_TLS_CA_STORE" env variable to support optionally loading certificates from the users local certificate store. This will allow them to successfully connect via tls with corporate and self signed certs provided they have them installed in their keystore. It also allows them to deal with revoked certs by simply updating their keystore without having to upgrade Deno. Currently supported values are "mozilla", "system" or empty value. --- cli/file_fetcher.rs | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) (limited to 'cli/file_fetcher.rs') diff --git a/cli/file_fetcher.rs b/cli/file_fetcher.rs index a7bd503ae..207f08c64 100644 --- a/cli/file_fetcher.rs +++ b/cli/file_fetcher.rs @@ -3,7 +3,6 @@ use crate::auth_tokens::AuthTokens; use crate::colors; use crate::http_cache::HttpCache; -use crate::http_util::create_http_client; use crate::http_util::fetch_once; use crate::http_util::FetchOnceArgs; use crate::http_util::FetchOnceResult; @@ -22,6 +21,8 @@ use deno_core::ModuleSpecifier; use deno_runtime::deno_fetch::reqwest; use deno_runtime::deno_web::BlobStore; use deno_runtime::permissions::Permissions; +use deno_tls::create_http_client; +use deno_tls::rustls::RootCertStore; use log::debug; use log::info; use std::borrow::Borrow; @@ -220,7 +221,7 @@ impl FileFetcher { http_cache: HttpCache, cache_setting: CacheSetting, allow_remote: bool, - ca_data: Option>, + root_cert_store: Option, blob_store: BlobStore, ) -> Result { Ok(Self { @@ -229,7 +230,12 @@ impl FileFetcher { cache: Default::default(), cache_setting, http_cache, - http_client: create_http_client(get_user_agent(), ca_data)?, + http_client: create_http_client( + get_user_agent(), + root_cert_store, + None, + None, + )?, blob_store, }) } -- cgit v1.2.3