From 0d7a417f332a57fb3e89250a1ce250b929d0b2f7 Mon Sep 17 00:00:00 2001
From: Luca Casonato
Date: Thu, 30 Sep 2021 09:26:15 +0200
Subject: feat(tls): custom in memory CA certificates (#12219)

This adds support for using in memory CA certificates for `Deno.startTLS`, `Deno.connectTLS` and `Deno.createHttpClient`. `certFile` is deprecated in `startTls` and `connectTls`, and removed from `Deno.createHttpClient`.
---
 ext/tls/lib.rs | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)
(limited to 'ext/tls')
diff --git a/ext/tls/lib.rs b/ext/tls/lib.rs
index 7632da5e6..076ef59fb 100644
--- a/ext/tls/lib.rs
+++ b/ext/tls/lib.rs
@@ -136,7 +136,7 @@ pub fn create_default_root_cert_store() -> RootCertStore {
 pub fn create_client_config(
 root_cert_store: Option,
- ca_data: Option>,
+ ca_certs: Vec>,
 unsafely_ignore_certificate_errors: Option>,
 ) -> Result {
 let mut tls_config = ClientConfig::new();
@@ -144,11 +144,11 @@ pub fn create_client_config(
 tls_config.root_store =
 root_cert_store.unwrap_or_else(create_default_root_cert_store);
- // If a custom cert is specified, add it to the store
- if let Some(cert) = ca_data {
+ // If custom certs are specified, add them to the store
+ for cert in ca_certs {
 let reader = &mut BufReader::new(Cursor::new(cert));
 // This function does not return specific errors, if it fails give a generic message.
- if let Err(_err) = tls_config.root_store.add_pem_file(reader) {
+ if let Err(()) = tls_config.root_store.add_pem_file(reader) {
 return Err(anyhow!("Unable to add pem file to certificate store"));
 }
 }
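Review bot: The new `ca_certs` parameter of `create_client_config` (first hunk, and again on `create_http_client` in the third) is undocumented, and its trust semantics cannot be read off the signature. Judging by the loop in the next hunk, each entry is a PEM buffer handed to `add_pem_file`, and its certificates are added on top of `root_cert_store` or, when that is `None`, the default roots, so passing a private CA here widens trust rather than pinning to it. I would state that on the function, e.g. `/// Certificates in ca_certs are added to root_cert_store (or the default roots when it is None); they do not replace it.` The function body continues past the end of this hunk.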
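Review bot: In the second hunk the `Ok` value of `add_pem_file` is discarded, so a `ca_certs` entry that parses as PEM but yields no usable certificate is accepted without any error. If the rustls version in use returns the accepted and rejected counts on success (the version is not visible here), the check could reject an entry that added nothing: `match tls_config.root_store.add_pem_file(reader) { Ok((0, _)) | Err(()) => return Err(anyhow!("Unable to add pem file to certificate store")), Ok(_) => {} }`. With several entries now possible, the message would also be more useful if it named the failing index, for example by iterating with `enumerate()`.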
@@ -215,14 +215,14 @@ pub fn load_private_keys(bytes: &[u8]) -> Result, AnyError> {
 pub fn create_http_client(
 user_agent: String,
 root_cert_store: Option,
- ca_data: Option>,
+ ca_certs: Vec>,
 proxy: Option,
 unsafely_ignore_certificate_errors: Option>,
 client_cert_chain_and_key: Option<(String, String)>,
 ) -> Result {
 let mut tls_config = create_client_config(
 root_cert_store,
- ca_data,
+ ca_certs,
 unsafely_ignore_certificate_errors,
 )?;
--
cgit v1.2.3