From cb87cb0283fbe95ace2317b0617e7e74382bf4db Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bartek=20Iwa=C5=84czuk?= Date: Wed, 17 May 2023 02:19:23 +0200 Subject: fix: support "fetch" over HTTPS for IP addresses (#18499) This commit adds support for connecting to IP addresses over HTTPS. This is done by updating "rustls" to "0.21.0" and other related crates. Closes https://github.com/denoland/deno/issues/7660 Closes https://github.com/denoland/deno/issues/17967 --------- Co-authored-by: Divy Srivastava --- cli/tests/testdata/cert/localhost_unsafe_ssl.ts.out | 2 +- cli/tests/testdata/run/websocket_test.ts | 5 ++++- cli/tests/unit/fetch_test.ts | 12 ++++++++++++ cli/tests/unit/tls_test.ts | 4 ++-- 4 files changed, 19 insertions(+), 4 deletions(-) (limited to 'cli') diff --git a/cli/tests/testdata/cert/localhost_unsafe_ssl.ts.out b/cli/tests/testdata/cert/localhost_unsafe_ssl.ts.out index 0bfaeb25d..4b95c1136 100644 --- a/cli/tests/testdata/cert/localhost_unsafe_ssl.ts.out +++ b/cli/tests/testdata/cert/localhost_unsafe_ssl.ts.out @@ -1,3 +1,3 @@ DANGER: TLS certificate validation is disabled for: deno.land -error: error sending request for url (https://localhost:5545/subdir/mod2.ts): error trying to connect: invalid peer certificate contents: invalid peer certificate: UnknownIssuer +error: error sending request for url (https://localhost:5545/subdir/mod2.ts): error trying to connect: invalid peer certificate: UnknownIssuer at file:///[WILDCARD]/cafile_url_imports.ts:[WILDCARD] diff --git a/cli/tests/testdata/run/websocket_test.ts b/cli/tests/testdata/run/websocket_test.ts index 27bc5adf9..d80f03c92 100644 --- a/cli/tests/testdata/run/websocket_test.ts +++ b/cli/tests/testdata/run/websocket_test.ts @@ -161,7 +161,10 @@ Deno.test("websocket error", async () => { assert(err instanceof ErrorEvent); // Error message got changed because we don't use warp in test_util - assertEquals(err.message, "InvalidData: received corrupt message"); + assertEquals( + err.message, + "InvalidData: received corrupt message of type InvalidContentType", + ); promise1.resolve(); }; await promise1; diff --git a/cli/tests/unit/fetch_test.ts b/cli/tests/unit/fetch_test.ts index a92a7a051..7de04013e 100644 --- a/cli/tests/unit/fetch_test.ts +++ b/cli/tests/unit/fetch_test.ts @@ -1495,6 +1495,18 @@ Deno.test( }, ); +Deno.test( + { permissions: { net: true, read: true } }, + async function fetchSupportsHttpsOverIpAddress() { + const caCert = await Deno.readTextFile("cli/tests/testdata/tls/RootCA.pem"); + const client = Deno.createHttpClient({ caCerts: [caCert] }); + const res = await fetch("https://localhost:5546/http_version", { client }); + assert(res.ok); + assertEquals(await res.text(), "HTTP/1.1"); + client.close(); + }, +); + Deno.test( { permissions: { net: true, read: true } }, async function fetchSupportsHttp1Only() { diff --git a/cli/tests/unit/tls_test.ts b/cli/tests/unit/tls_test.ts index b7cde1020..c8dd7ddbe 100644 --- a/cli/tests/unit/tls_test.ts +++ b/cli/tests/unit/tls_test.ts @@ -1337,7 +1337,7 @@ Deno.test( await assertRejects( () => conn.handshake(), Deno.errors.InvalidData, - "BadCertificate", + "received fatal alert", ); } conn.close(); @@ -1368,7 +1368,7 @@ Deno.test( await assertRejects( () => tlsConn.handshake(), Deno.errors.InvalidData, - "CertNotValidForName", + "NotValidForName", ); tlsConn.close(); } -- cgit v1.2.3