From 78fc9a4c600d28bf4c899695076f0bce159fb7a6 Mon Sep 17 00:00:00 2001
From: Luca Casonato
Date: Thu, 22 Jul 2021 12:28:46 +0200
Subject: fix: support --cert flag for tls connect APIs (#11484)
---
extensions/net/lib.rs | 13 ++++++++++++-
extensions/net/ops_tls.rs | 14 ++++++++++++++
2 files changed, 26 insertions(+), 1 deletion(-)
(limited to 'extensions')
diff --git a/extensions/net/lib.rs b/extensions/net/lib.rs
index f3281a2fb..11d0b4493 100644
--- a/extensions/net/lib.rs
+++ b/extensions/net/lib.rs
@@ -88,12 +88,22 @@ pub fn get_unstable_declaration() -> PathBuf {
 PathBuf::from(env!("CARGO_MANIFEST_DIR")).join("lib.deno_net.unstable.d.ts")
 }
-pub fn init(unstable: bool) -> Extension {
+#[derive(Clone)]
+pub struct DefaultTlsOptions {
+ pub ca_data: Option>,
+}
+
+pub fn init(
+ ca_data: Option>,
+ unstable: bool,
+) -> Extension {
 let mut ops_to_register = vec![];
 ops_to_register.extend(io::init());
 ops_to_register.extend(ops::init::

()); ops_to_register.extend(ops_tls::init::

());
+ let default_tls_options = DefaultTlsOptions { ca_data };
+
 Extension::builder()
 .js(include_js_files!(
 prefix "deno:extensions/net",
@@ -103,6 +113,7 @@ pub fn init(unstable: bool) -> Extension {
 ))
 .ops(ops_to_register)
 .state(move |state| {
+ state.put(default_tls_options.clone());
 state.put(UnstableChecker { unstable });
 Ok(())
 })
diff --git a/extensions/net/ops_tls.rs b/extensions/net/ops_tls.rs
index 092c74a69..a082f7f62 100644
--- a/extensions/net/ops_tls.rs
+++ b/extensions/net/ops_tls.rs
@@ -10,6 +10,7 @@ use crate::ops::OpAddr;
 use crate::ops::OpConn;
 use crate::resolve_addr::resolve_addr;
 use crate::resolve_addr::resolve_addr_sync;
+use crate::DefaultTlsOptions;
 use crate::NetPermissions;
 use deno_core::error::bad_resource;
 use deno_core::error::bad_resource_id;
@@ -60,6 +61,7 @@ use std::convert::From;
 use std::fs::File;
 use std::io;
 use std::io::BufReader;
+use std::io::Cursor;
 use std::io::ErrorKind;
 use std::ops::Deref;
 use std::ops::DerefMut;
@@ -702,6 +704,7 @@ where
 };
 let cert_file = args.cert_file.as_deref();
+ let default_tls_options;
 {
 super::check_unstable2(&state, "Deno.startTls");
 let mut s = state.borrow_mut();
@@ -710,6 +713,7 @@ where
 if let Some(path) = cert_file {
 permissions.check_read(Path::new(path))?;
 }
+ default_tls_options = s.borrow::().clone();
 }
 let hostname_dns = DNSNameRef::try_from_ascii_str(hostname)
@@ -733,6 +737,10 @@ where
 tls_config
 .root_store
 .add_server_trust_anchors(&webpki_roots::TLS_SERVER_ROOTS);
+ if let Some(ca_data) = default_tls_options.ca_data {
+ let reader = &mut Cursor::new(ca_data);
+ tls_config.root_store.add_pem_file(reader).unwrap();
+ };
 if let Some(path) = cert_file {
 let key_file = File::open(path)?;
 let reader = &mut BufReader::new(key_file);
@@ -779,6 +787,7 @@ where
 let port = args.port;
 let cert_file = args.cert_file.as_deref();
+ let default_tls_options;
 {
 let mut s = state.borrow_mut();
 let permissions = s.borrow_mut::();
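Review bot: `DefaultTlsOptions` and the new first parameter of `init` are public API but carry no documentation, and the listing has lost the type inside `Option>` (presumably `Option<Vec<u8>>`), so a reader cannot tell from lib.rs what the bytes are or how they are used. From the ops_tls.rs hunks below they are parsed as PEM on every TLS connect and added on top of the built-in webpki trust anchors, not instead of them, which is worth stating where the type is declared. Suggested doc comment on the struct: `/// TLS defaults shared with every TLS op. `ca_data` is PEM-encoded CA certificate data (the CLI `--cert` file) that is appended to the built-in webpki roots when a connection is set up; it is not validated here.` and on `init`: `/// `ca_data`: optional PEM CA bundle trusted in addition to the webpki roots.` Since ops_tls.rs clones the whole struct out of state per call, holding the bundle as `Arc<[u8]>` instead of an owned buffer would avoid copying the PEM blob for every connection, but that is secondary to the missing docs.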
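Review bot: `tls_config.root_store.add_pem_file(reader).unwrap()` aborts the whole runtime when the `--cert` file is not parseable PEM, and because the bundle is parsed here rather than in `init`, the panic fires on the first `Deno.startTls` call instead of at startup. The function already propagates errors (`permissions.check_read(Path::new(path))?` a few lines up), so the parse failure should go the same way; in rustls 0.19 `add_pem_file` returns `Result<(added, ignored), ()>`, and `added == 0` deserves rejection too, otherwise a bundle with no valid certificates silently leaves only the webpki roots trusted while the user believes their private CA was loaded. Parsing once in `init` (or caching a parsed `RootCertStore` in state) would also remove the per-connection re-parse. The `generic_error` below is assumed to be available from `deno_core::error` like the other error helpers imported in this file; the enclosing function starts and ends outside the hunk.
```rust
    if let Some(ca_data) = default_tls_options.ca_data {
      let reader = &mut Cursor::new(ca_data);
      let (added, _ignored) = tls_config
        .root_store
        .add_pem_file(reader)
        .map_err(|_| generic_error("failed to parse CA certificate data from --cert"))?;
      if added == 0 {
        return Err(generic_error("no CA certificates found in --cert data"));
      }
    }
    // … unchanged: per-call cert_file handling …
```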
@@ -786,6 +795,7 @@ where
 if let Some(path) = cert_file {
 permissions.check_read(Path::new(path))?;
 }
+ default_tls_options = s.borrow::().clone();
 }
 let hostname_dns = DNSNameRef::try_from_ascii_str(hostname)
@@ -804,6 +814,10 @@ where
 tls_config
 .root_store
 .add_server_trust_anchors(&webpki_roots::TLS_SERVER_ROOTS);
+ if let Some(ca_data) = default_tls_options.ca_data {
+ let reader = &mut Cursor::new(ca_data);
+ tls_config.root_store.add_pem_file(reader).unwrap();
+ };
 if let Some(path) = cert_file {
 let key_file = File::open(path)?;
 let reader = &mut BufReader::new(key_file);
--
cgit v1.2.3
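Review bot: This `add_pem_file(reader).unwrap()` block is a verbatim copy of the one added to the `Deno.startTls` op, with the same failure mode: an unparseable `--cert` file panics the process on the first `Deno.connectTls` instead of returning an error through the `Result` the function already uses for `File::open(path)?`. Both sites would be better served by a single helper along the lines of `fn add_ca_data(store: &mut RootCertStore, ca_data: &[u8]) -> Result<(), AnyError>` that maps the rustls `Err(())` to an error and rejects a bundle that yields zero certificates, so the two trust-store setups cannot drift apart (`RootCertStore` and `AnyError` are assumed in scope via the file's existing rustls and deno_core imports, which are outside the hunk). In the preceding hunk `s.borrow::<DefaultTlsOptions>().clone()` (the generic is lost in this listing) copies the full PEM buffer for every connection; an `Arc` inside `DefaultTlsOptions`, or a cached parsed store, avoids that. The enclosing function starts and ends outside the hunk.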