From ece2a3de5b19588160634452638aa656218853c5 Mon Sep 17 00:00:00 2001
From: Evan <96965321+0xIchigo@users.noreply.github.com>
Date: Mon, 14 Aug 2023 20:11:12 -0400
Subject: fix(ext/net): implement a graceful error on an invalid SSL certificate (#20157)

The goal of this PR is to address issue #19520 where Deno panics when encountering an invalid SSL certificate. This PR achieves that goal by removing an `.expect()` statement and implementing a match statement on `tsl_config` (found in [/ext/net/ops_tsl.rs](https://github.com/denoland/deno/blob/e071382768fa57b5288a6a5ba90e73bf5870b169/ext/net/ops_tls.rs#L1058)) to check whether the desired configuration is valid
---------
Co-authored-by: Matt Mastracci
---
 cli/tests/testdata/tls/invalid.crt | 3 +++
 cli/tests/testdata/tls/invalid.key | 3 +++
 cli/tests/unit/tls_test.ts | 28 ++++++++++++++++++++++++++++
 3 files changed, 34 insertions(+)
 create mode 100644 cli/tests/testdata/tls/invalid.crt
 create mode 100644 cli/tests/testdata/tls/invalid.key
(limited to 'cli')
diff --git a/cli/tests/testdata/tls/invalid.crt b/cli/tests/testdata/tls/invalid.crt
new file mode 100644
index 000000000..688e32ede
--- /dev/null
+++ b/cli/tests/testdata/tls/invalid.crt
@@ -0,0 +1,3 @@
+-----BEGIN CERTIFICATE-----
+INVALID
+-----END CERTIFICATE-----
diff --git a/cli/tests/testdata/tls/invalid.key b/cli/tests/testdata/tls/invalid.key
new file mode 100644
index 000000000..b57bc2f68
--- /dev/null
+++ b/cli/tests/testdata/tls/invalid.key
@@ -0,0 +1,3 @@
+-----BEGIN PRIVATE KEY-----
+INVALID
+-----END PRIVATE KEY-----
diff --git a/cli/tests/unit/tls_test.ts b/cli/tests/unit/tls_test.ts
index 1f0702f62..8162c53b5 100644
--- a/cli/tests/unit/tls_test.ts
+++ b/cli/tests/unit/tls_test.ts
@@ -1491,3 +1491,31 @@ Deno.test({
 });
 listener.close();
 });
+
+Deno.test(
+ { permissions: { net: true, read: true } },
+ function listenTLSInvalidCert() {
+ assertThrows(() => {
+ Deno.listenTls({
+ hostname: "localhost",
+ port: 3500,
+ certFile: "cli/tests/testdata/tls/invalid.crt",
+ keyFile: "cli/tests/testdata/tls/localhost.key",
+ });
+ }, Deno.errors.InvalidData);
+ },
+);
+
+Deno.test(
+ { permissions: { net: true, read: true } },
+ function listenTLSInvalidKey() {
+ assertThrows(() => {
+ Deno.listenTls({
+ hostname: "localhost",
+ port: 3500,
+ certFile: "cli/tests/testdata/tls/localhost.crt",
+ keyFile: "cli/tests/testdata/tls/invalid.key",
+ });
+ }, Deno.errors.InvalidData);
+ },
+);
-- cgit v1.2.3
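Review bot: Both added tests, `listenTLSInvalidCert` and `listenTLSInvalidKey`, bind the fixed `port: 3500`, so they depend on that port being free on the runner; if the socket is bound before the certificate and key are parsed (not visible from this hunk), a busy port would raise a different error class and fail `assertThrows(..., Deno.errors.InvalidData)` for a reason unrelated to TLS input handling. Using `port: 0,` in both calls would let the OS pick a free port and keep the tests about the certificate path only. Neither test says why it exists; a one-line comment such as `// Regression test for #19520: invalid PEM must throw InvalidData, not panic the runtime.` above each `Deno.test(` would tie them to the crash being fixed. The fixtures cover only a PEM envelope with an invalid body; an empty file and a well-formed but mismatched cert/key pair are not exercised here and may take a different path. The three context lines at the top are the tail of an earlier test that starts outside the hunk.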