mirror of
https://github.com/denoland/deno.git
synced 2024-12-21 23:04:45 -05:00
fix(tls): print a warning if a system certificate can't be loaded (#25023)
This commit changes how system certificates are loaded on startup. Instead of hard erroring if a certificate can't be decoded, we are now printing a warning and bumping a hex representation of the certificate and continue execution. Ref https://github.com/denoland/deno/issues/24137
This commit is contained in:
parent
39a21fd78e
commit
25bb59d2ce
1 changed files with 13 additions and 7 deletions
|
@ -640,8 +640,6 @@ pub enum RootCertStoreLoadError {
|
|||
UnknownStore(String),
|
||||
#[error("Unable to add pem file to certificate store: {0}")]
|
||||
FailedAddPemFile(String),
|
||||
#[error("Unable to add system certificate to certificate store: {0}")]
|
||||
FailedAddSystemCert(String),
|
||||
#[error("Failed opening CA file: {0}")]
|
||||
CaFileOpenError(String),
|
||||
}
|
||||
|
@ -675,11 +673,19 @@ pub fn get_root_cert_store(
|
|||
"system" => {
|
||||
let roots = load_native_certs().expect("could not load platform certs");
|
||||
for root in roots {
|
||||
root_cert_store
|
||||
.add(rustls::pki_types::CertificateDer::from(root.0))
|
||||
.map_err(|e| {
|
||||
RootCertStoreLoadError::FailedAddSystemCert(e.to_string())
|
||||
})?;
|
||||
if let Err(err) = root_cert_store
|
||||
.add(rustls::pki_types::CertificateDer::from(root.0.clone()))
|
||||
{
|
||||
log::error!(
|
||||
"{}",
|
||||
colors::yellow(&format!(
|
||||
"Unable to add system certificate to certificate store: {:?}",
|
||||
err
|
||||
))
|
||||
);
|
||||
let hex_encoded_root = faster_hex::hex_string(&root.0);
|
||||
log::error!("{}", colors::gray(&hex_encoded_root));
|
||||
}
|
||||
}
|
||||
}
|
||||
_ => {
|
||||
|
|
Loading…
Reference in a new issue