From 02c74fb70970fcadb7d1e6dab857eeb2cea20e09 Mon Sep 17 00:00:00 2001 From: Justin Chase Date: Sat, 7 Aug 2021 07:49:38 -0500 Subject: feat(tls): Optionally support loading native certs (#11491) This commit adds "DENO_TLS_CA_STORE" env variable to support optionally loading certificates from the users local certificate store. This will allow them to successfully connect via tls with corporate and self signed certs provided they have them installed in their keystore. It also allows them to deal with revoked certs by simply updating their keystore without having to upgrade Deno. Currently supported values are "mozilla", "system" or empty value. --- cli/flags.rs | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'cli/flags.rs') diff --git a/cli/flags.rs b/cli/flags.rs index 1dafa205f..1c7eaf9a0 100644 --- a/cli/flags.rs +++ b/cli/flags.rs @@ -139,6 +139,7 @@ pub struct Flags { pub allow_read: Option>, pub allow_run: Option>, pub allow_write: Option>, + pub ca_stores: Option>, pub ca_file: Option, pub cache_blocklist: Vec, /// This is not exposed as an option in the CLI, it is used internally when @@ -276,6 +277,9 @@ static ENV_VARIABLES_HELP: &str = r#"ENVIRONMENT VARIABLES: hostnames to use when fetching remote modules from private repositories (e.g. "abcde12345@deno.land;54321edcba@github.com") + DENO_TLS_CA_STORE Comma-seperated list of order dependent certificate stores + (system, mozilla) + (defaults to mozilla) DENO_CERT Load certificate authority from PEM encoded file DENO_DIR Set the cache directory DENO_INSTALL_ROOT Set deno install's output directory -- cgit v1.2.3