fix(ext/net): implement a graceful error on an invalid SSL certificate (#20157)
The goal of this PR is to address issue #19520 where Deno panics when
encountering an invalid SSL certificate.
This PR achieves that goal by removing an `.expect()` statement and
implementing a match statement on `tls_config` (found in
`/ext/net/ops_tls.rs`, line 1058 at commit e071382768)
to check whether the desired configuration is valid.
---------
Co-authored-by: Matt Mastracci <matthew@mastracci.com>
parent
0f1365a574
commit
9f761fa2cd
4 changed files with 41 additions and 1 deletions
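--- a/cli/tests/testdata/tls/invalid.crt
+++ b/cli/tests/testdata/tls/invalid.crt
@@ -0,0 +1,3 @@
+-----BEGIN CERTIFICATE-----
+INVALID
+-----END CERTIFICATE-----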
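--- a/cli/tests/testdata/tls/invalid.key
+++ b/cli/tests/testdata/tls/invalid.key
@@ -0,0 +1,3 @@
+-----BEGIN PRIVATE KEY-----
+INVALID
+-----END PRIVATE KEY-----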
|
@ -1491,3 +1491,31 @@ Deno.test({
|
||||||
});
|
});
|
||||||
listener.close();
|
listener.close();
|
||||||
});
|
});
|
||||||
|
|
||||||
|
Deno.test(
|
||||||
|
{ permissions: { net: true, read: true } },
|
||||||
|
function listenTLSInvalidCert() {
|
||||||
|
assertThrows(() => {
|
||||||
|
Deno.listenTls({
|
||||||
|
hostname: "localhost",
|
||||||
|
port: 3500,
|
||||||
|
certFile: "cli/tests/testdata/tls/invalid.crt",
|
||||||
|
keyFile: "cli/tests/testdata/tls/localhost.key",
|
||||||
|
});
|
||||||
|
}, Deno.errors.InvalidData);
|
||||||
|
},
|
||||||
|
);
|
||||||
|
|
||||||
|
Deno.test(
|
||||||
|
{ permissions: { net: true, read: true } },
|
||||||
|
function listenTLSInvalidKey() {
|
||||||
|
assertThrows(() => {
|
||||||
|
Deno.listenTls({
|
||||||
|
hostname: "localhost",
|
||||||
|
port: 3500,
|
||||||
|
certFile: "cli/tests/testdata/tls/localhost.crt",
|
||||||
|
keyFile: "cli/tests/testdata/tls/invalid.key",
|
||||||
|
});
|
||||||
|
}, Deno.errors.InvalidData);
|
||||||
|
},
|
||||||
|
);
|
||||||
|
|
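Review bot: Both new tests assert only the error class `Deno.errors.InvalidData`, so they would pass on any InvalidData raised while the certificate or key file is read and decoded, whether or not the call reaches the `with_single_cert` error path this commit adds; which path the `INVALID` fixtures actually hit is not visible in this hunk. Assuming `assertThrows` here is the std helper that accepts a message fragment as its third argument, `}, Deno.errors.InvalidData, "Error creating TLS certificate");` would pin the branch under test. Both tests also bind the fixed port 3500 and keep no handle to the listener, so a regression in which `Deno.listenTls` succeeds would leave the socket open for later tests. The certificate and key paths are relative to the repository root, so the tests depend on the working directory they are run from.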
|
@ -1055,7 +1055,13 @@ where
|
||||||
.with_safe_defaults()
|
.with_safe_defaults()
|
||||||
.with_no_client_auth()
|
.with_no_client_auth()
|
||||||
.with_single_cert(cert_chain, key_der)
|
.with_single_cert(cert_chain, key_der)
|
||||||
.expect("invalid key or certificate");
|
.map_err(|e| {
|
||||||
|
custom_error(
|
||||||
|
"InvalidData",
|
||||||
|
format!("Error creating TLS certificate: {:?}", e),
|
||||||
|
)
|
||||||
|
})?;
|
||||||
|
|
||||||
if let Some(alpn_protocols) = args.alpn_protocols {
|
if let Some(alpn_protocols) = args.alpn_protocols {
|
||||||
tls_config.alpn_protocols =
|
tls_config.alpn_protocols =
|
||||||
alpn_protocols.into_iter().map(|s| s.into_bytes()).collect();
|
alpn_protocols.into_iter().map(|s| s.into_bytes()).collect();
|
||||||
|
|
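Review bot: The new message formats the underlying error with `{:?}`, so the text surfaced to JavaScript callers is the Debug rendering of an internal error value rather than its Display message, and it names only the certificate although `with_single_cert` is given both `cert_chain` and `key_der`. Something like `format!("Invalid key or certificate: {}", e)` keeps the wording of the removed `.expect("invalid key or certificate")` and gives callers a readable, more stable string (this assumes the error type implements Display, which is not shown here). The enclosing function begins and ends outside this hunk, so whether other fallible steps in it can still panic on bad TLS material cannot be judged from these lines.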