diff --git a/cli/tests/testdata/tls/invalid.crt b/cli/tests/testdata/tls/invalid.crt
new file mode 100644
index 0000000000..688e32ede7
--- /dev/null
+++ b/cli/tests/testdata/tls/invalid.crt
@@ -0,0 +1,3 @@
+-----BEGIN CERTIFICATE-----
+INVALID
+-----END CERTIFICATE-----
diff --git a/cli/tests/testdata/tls/invalid.key b/cli/tests/testdata/tls/invalid.key
new file mode 100644
index 0000000000..b57bc2f68e
--- /dev/null
+++ b/cli/tests/testdata/tls/invalid.key
@@ -0,0 +1,3 @@
+-----BEGIN PRIVATE KEY-----
+INVALID
+-----END PRIVATE KEY-----
diff --git a/cli/tests/unit/tls_test.ts b/cli/tests/unit/tls_test.ts
index 1f0702f623..8162c53b56 100644
--- a/cli/tests/unit/tls_test.ts
+++ b/cli/tests/unit/tls_test.ts
@@ -1491,3 +1491,31 @@ Deno.test({
 });
 listener.close();
 });
+
+Deno.test(
+ { permissions: { net: true, read: true } },
+ function listenTLSInvalidCert() {
+ assertThrows(() => {
+ Deno.listenTls({
+ hostname: "localhost",
+ port: 3500,
+ certFile: "cli/tests/testdata/tls/invalid.crt",
+ keyFile: "cli/tests/testdata/tls/localhost.key",
+ });
+ }, Deno.errors.InvalidData);
+ },
+);
+
+Deno.test(
+ { permissions: { net: true, read: true } },
+ function listenTLSInvalidKey() {
+ assertThrows(() => {
+ Deno.listenTls({
+ hostname: "localhost",
+ port: 3500,
+ certFile: "cli/tests/testdata/tls/localhost.crt",
+ keyFile: "cli/tests/testdata/tls/invalid.key",
+ });
+ }, Deno.errors.InvalidData);
+ },
+);
diff --git a/ext/net/ops_tls.rs b/ext/net/ops_tls.rs
index ac9c80f7a5..7b1cb4e0a5 100644
--- a/ext/net/ops_tls.rs
+++ b/ext/net/ops_tls.rs
@@ -1055,7 +1055,13 @@ where
 .with_safe_defaults()
 .with_no_client_auth()
 .with_single_cert(cert_chain, key_der)
- .expect("invalid key or certificate");
+ .map_err(|e| {
+ custom_error(
+ "InvalidData",
+ format!("Error creating TLS certificate: {:?}", e),
+ )
+ })?;
+
 if let Some(alpn_protocols) = args.alpn_protocols {
 tls_config.alpn_protocols =
 alpn_protocols.into_iter().map(|s| s.into_bytes()).collect();
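Review bot: `listenTLSInvalidCert` and `listenTLSInvalidKey` in cli/tests/unit/tls_test.ts assert only the error class, so they pass for any `Deno.errors.InvalidData` raised while the files are loaded and do not show that the new `map_err` path in ext/net/ops_tls.rs is the one being exercised. Which step rejects each fixture is not visible from the diff. Passing the expected message fragment as the third argument of `assertThrows` would pin that down, e.g. `}, Deno.errors.InvalidData, "Error creating TLS certificate");` if that is indeed the message these fixtures produce. Both tests also request the fixed port 3500 and have no cleanup, so if `Deno.listenTls` ever returned a listener, the first failure would leave the port occupied for the second test.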
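Review bot: The message built in the `.map_err` closure in ext/net/ops_tls.rs formats the rustls error with `{:?}`, so a script calling `Deno.listenTls` receives a Rust Debug rendering inside a user-facing `InvalidData` message. `format!("Invalid key or certificate: {}", e)` would use the error's Display form and also name the key, which "Error creating TLS certificate" does not, although `with_single_cert` receives both `cert_chain` and `key_der`. Returning an error instead of panicking keeps bad caller-supplied material from taking the process down, so it is worth checking the rest of the function for other `expect`/`unwrap` calls on the same inputs. The function starts and ends outside the hunk, so that cannot be confirmed from here.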