diff --git a/cli/tests/unit/tls_test.ts b/cli/tests/unit/tls_test.ts
index fa869037e2..0528c80438 100644
--- a/cli/tests/unit/tls_test.ts
+++ b/cli/tests/unit/tls_test.ts
@@ -32,7 +32,7 @@ unitTest(
 await assertThrowsAsync(async () => {
 await Deno.connectTls({ hostname: "127.0.0.1", port: 3567 });
- }, Error);
+ }, TypeError);
 listener.close();
 },
diff --git a/core/error.rs b/core/error.rs
index a269d637fa..65e2e8da4c 100644
--- a/core/error.rs
+++ b/core/error.rs
@@ -36,6 +36,10 @@ pub fn type_error(message: impl Into>) -> AnyError {
 custom_error("TypeError", message)
 }
+pub fn invalid_hostname(hostname: &str) -> AnyError {
+ type_error(format!("Invalid hostname: '{}'", hostname))
+}
+
 pub fn uri_error(message: impl Into>) -> AnyError {
 custom_error("URIError", message)
 }
diff --git a/op_crates/websocket/lib.rs b/op_crates/websocket/lib.rs
index daf61a9083..a2454b8e33 100644
--- a/op_crates/websocket/lib.rs
+++ b/op_crates/websocket/lib.rs
@@ -1,6 +1,7 @@
 // Copyright 2018-2021 the Deno authors. All rights reserved. MIT license.
 use deno_core::error::bad_resource_id;
+use deno_core::error::invalid_hostname;
 use deno_core::error::null_opbuf;
 use deno_core::error::type_error;
 use deno_core::error::AnyError;
@@ -175,8 +176,8 @@ where
 }
 let tls_connector = TlsConnector::from(Arc::new(config));
- let dnsname =
- DNSNameRef::try_from_ascii_str(&domain).expect("Invalid DNS lookup");
+ let dnsname = DNSNameRef::try_from_ascii_str(domain)
+ .map_err(|_| invalid_hostname(domain))?;
 let tls_socket = tls_connector.connect(dnsname, tcp_socket).await?;
 MaybeTlsStream::Rustls(tls_socket)
 }
diff --git a/runtime/ops/tls.rs b/runtime/ops/tls.rs
index 10293cf929..0dbf35cc41 100644
--- a/runtime/ops/tls.rs
+++ b/runtime/ops/tls.rs
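Review bot: The updated assertion in `cli/tests/unit/tls_test.ts` pins only the error class, and `TypeError` is broad enough that the test would still pass if `Deno.connectTls` rejected the call for an unrelated argument problem. Assuming the rejection comes from the new `invalid_hostname` helper, passing the expected message fragment as the third argument ties the test to the hostname check: `}, TypeError, "Invalid hostname");`. The enclosing `unitTest(` call starts before the hunk and ends after it.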
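Review bot: `invalid_hostname` in `core/error.rs` interpolates the rejected hostname verbatim with `'{}'`, yet every value that reaches it has just failed DNS-name validation, so it may carry quotes, newlines or other control characters into the error message and any log that records it. Formatting with the debug specifier escapes those characters: `type_error(format!("Invalid hostname: {:?}", hostname))`. The new public helper also has no doc comment; a line such as `/// Builds a TypeError for a hostname that is not a valid ASCII DNS name.` would tell callers when to use it instead of `type_error`.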
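Review bot: In `op_crates/websocket/lib.rs` (hunk `@@ -175,8 +176,8 @@`) the hostname is still validated only after `tcp_socket` exists, so, assuming the socket is connected above this hunk, a host that is not a valid DNS name triggers a lookup and a TCP connect before the `TypeError` is returned. The test change in this commit expects `127.0.0.1` to be rejected, so an IP-literal `wss:` host would take this path. `op_connect_tls` in this same commit moves the `DNSNameRef::try_from_ascii_str(domain)` / `.map_err(|_| invalid_hostname(domain))?` pair ahead of `resolve_addr`; hoisting the same two lines above the socket setup here would reject bad input before any network activity. The enclosing function starts and ends outside the hunk.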
@@ -13,6 +13,7 @@ use deno_core::error::bad_resource;
 use deno_core::error::bad_resource_id;
 use deno_core::error::custom_error;
 use deno_core::error::generic_error;
+use deno_core::error::invalid_hostname;
 use deno_core::error::AnyError;
 use deno_core::AsyncRefCell;
 use deno_core::CancelHandle;
@@ -139,8 +140,8 @@ async fn op_start_tls(
 }
 let tls_connector = TlsConnector::from(Arc::new(config));
- let dnsname = DNSNameRef::try_from_ascii_str(&domain)
- .map_err(|_| generic_error("Invalid DNS lookup"))?;
+ let dnsname = DNSNameRef::try_from_ascii_str(domain)
+ .map_err(|_| invalid_hostname(domain))?;
 let tls_stream = tls_connector.connect(dnsname, tcp_stream).await?;
 let rid = {
@@ -169,20 +170,22 @@ async fn op_connect_tls(
 ) -> Result {
 assert_eq!(args.transport, "tcp");
- {
- let mut s = state.borrow_mut();
- let permissions = s.borrow_mut::();
- permissions.net.check(&(&args.hostname, Some(args.port)))?;
- if let Some(path) = &args.cert_file {
- permissions.read.check(Path::new(&path))?;
- }
- }
 let mut domain = args.hostname.as_str();
 if domain.is_empty() {
 domain = "localhost";
 }
+ {
+ let mut s = state.borrow_mut();
+ let permissions = s.borrow_mut::();
+ permissions.net.check(&(domain, Some(args.port)))?;
+ if let Some(path) = &args.cert_file {
+ permissions.read.check(Path::new(&path))?;
+ }
+ }
- let addr = resolve_addr(&args.hostname, args.port)
+ let dnsname = DNSNameRef::try_from_ascii_str(domain)
+ .map_err(|_| invalid_hostname(domain))?;
+ let addr = resolve_addr(domain, args.port)
 .await?
 .next()
 .ok_or_else(|| generic_error("No resolved address found"))?;
@@ -200,8 +203,6 @@ async fn op_connect_tls(
 config.root_store.add_pem_file(reader).unwrap();
 }
 let tls_connector = TlsConnector::from(Arc::new(config));
- let dnsname = DNSNameRef::try_from_ascii_str(&domain)
- .map_err(|_| generic_error("Invalid DNS lookup"))?;
 let tls_stream = tls_connector.connect(dnsname, tcp_stream).await?;
 let rid = {
 let mut state_ = state.borrow_mut();
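Review bot: The reordering in `op_connect_tls` (`runtime/ops/tls.rs`, hunk `@@ -169,20 +170,22 @@`) is security-relevant but carries no comment saying so. The empty-hostname default now runs before `permissions.net.check`, so the permission check, `resolve_addr` and the TLS name all see the same `domain`. A comment above the permission block would keep a later refactor from moving the check back onto `args.hostname`, for example `// Normalize the hostname first so the net permission check covers the host that is actually resolved and dialed.` The function body continues outside the hunk.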