fix: support "fetch" over HTTPS for IP addresses (#18499)
This commit adds support for connecting to IP addresses over HTTPS. This is done by updating "rustls" to "0.21.0" and updating other related crates.

Closes https://github.com/denoland/deno/issues/7660
Closes https://github.com/denoland/deno/issues/17967

---------

Co-authored-by: Divy Srivastava <dj.srivastava23@gmail.com>
parent
867a6d3032
commit
cb87cb0283
8 changed files with 61 additions and 46 deletions
47
Cargo.lock
generated
|
@ -175,6 +175,20 @@ dependencies = [
|
|||
"tokio",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "async-compression"
|
||||
version = "0.4.0"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "5b0122885821398cc923ece939e24d1056a2384ee719432397fa9db87230ff11"
|
||||
dependencies = [
|
||||
"brotli",
|
||||
"flate2",
|
||||
"futures-core",
|
||||
"memchr",
|
||||
"pin-project-lite",
|
||||
"tokio",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "async-stream"
|
||||
version = "0.3.4"
|
||||
|
@ -1025,7 +1039,7 @@ dependencies = [
|
|||
name = "deno_http"
|
||||
version = "0.99.0"
|
||||
dependencies = [
|
||||
"async-compression",
|
||||
"async-compression 0.3.15",
|
||||
"async-trait",
|
||||
"base64 0.13.1",
|
||||
"bencher",
|
||||
|
@ -2400,9 +2414,9 @@ dependencies = [
|
|||
|
||||
[[package]]
|
||||
name = "hyper-rustls"
|
||||
version = "0.23.2"
|
||||
version = "0.24.0"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "1788965e61b367cd03a62950836d5cd41560c3577d90e40e0819373194d1661c"
|
||||
checksum = "0646026eb1b3eea4cd9ba47912ea5ce9cc07713d105b1a14698f4e6433d348b7"
|
||||
dependencies = [
|
||||
"http",
|
||||
"hyper 0.14.26",
|
||||
|
@ -3775,11 +3789,11 @@ checksum = "4bf2521270932c3c7bed1a59151222bd7643c79310f2916f01925e1e16255698"
|
|||
|
||||
[[package]]
|
||||
name = "reqwest"
|
||||
version = "0.11.14"
|
||||
version = "0.11.18"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "21eed90ec8570952d53b772ecf8f206aa1ec9a3d76b2521c56c42973f2d91ee9"
|
||||
checksum = "cde824a14b7c14f85caff81225f411faacc04a2013f41670f41443742b1c1c55"
|
||||
dependencies = [
|
||||
"async-compression",
|
||||
"async-compression 0.4.0",
|
||||
"base64 0.21.0",
|
||||
"bytes",
|
||||
"encoding_rs",
|
||||
|
@ -3955,14 +3969,14 @@ dependencies = [
|
|||
|
||||
[[package]]
|
||||
name = "rustls"
|
||||
version = "0.20.8"
|
||||
version = "0.21.0"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "fff78fc74d175294f4e83b28343315ffcfb114b156f0185e9741cb5570f50e2f"
|
||||
checksum = "07180898a28ed6a7f7ba2311594308f595e3dd2e3c3812fa0a80a47b45f17e5d"
|
||||
dependencies = [
|
||||
"log",
|
||||
"ring",
|
||||
"rustls-webpki",
|
||||
"sct",
|
||||
"webpki",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
|
@ -3986,6 +4000,16 @@ dependencies = [
|
|||
"base64 0.21.0",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "rustls-webpki"
|
||||
version = "0.100.1"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "d6207cd5ed3d8dca7816f8f3725513a34609c0c765bf652b8c3cb4cfd87db46b"
|
||||
dependencies = [
|
||||
"ring",
|
||||
"untrusted",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "rustversion"
|
||||
version = "1.0.12"
|
||||
|
@ -5233,13 +5257,12 @@ dependencies = [
|
|||
|
||||
[[package]]
|
||||
name = "tokio-rustls"
|
||||
version = "0.23.4"
|
||||
version = "0.24.0"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "c43ee83903113e03984cb9e5cebe6c04a5116269e900e3ddba8f068a62adda59"
|
||||
checksum = "e0d409377ff5b1e3ca6437aa86c1eb7d40c134bfec254e44c830defa92669db5"
|
||||
dependencies = [
|
||||
"rustls",
|
||||
"tokio",
|
||||
"webpki",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
|
|
|
@ -116,10 +116,10 @@ pretty_assertions = "=1.3.0"
|
|||
rand = "=0.8.5"
|
||||
regex = "^1.7.0"
|
||||
lazy-regex = "2.5.0"
|
||||
reqwest = { version = "0.11.11", default-features = false, features = ["rustls-tls", "stream", "gzip", "brotli", "socks"] }
|
||||
reqwest = { version = "0.11.18", default-features = false, features = ["rustls-tls", "stream", "gzip", "brotli", "socks"] }
|
||||
ring = "=0.16.20"
|
||||
rusqlite = { version = "=0.28.0", features = ["unlock_notify", "bundled"] }
|
||||
rustls = "0.20.5"
|
||||
rustls = "0.21.0"
|
||||
rustls-pemfile = "1.0.0"
|
||||
serde = { version = "1.0.149", features = ["derive"] }
|
||||
serde_bytes = "0.11"
|
||||
|
@ -136,7 +136,7 @@ thiserror = "1.0.40"
|
|||
tokio = { version = "1.28.1", features = ["full"] }
|
||||
tikv-jemallocator = "0.5.0"
|
||||
tikv-jemalloc-sys = "0.5.3"
|
||||
tokio-rustls = "0.23.3"
|
||||
tokio-rustls = "0.24.0"
|
||||
tokio-util = "0.7.4"
|
||||
tower-lsp = { version = "=0.17.0", features = ["proposed"] }
|
||||
url = { version = "2.3.1", features = ["serde", "expose_internals"] }
|
||||
|
|
|
@ -1,3 +1,3 @@
|
|||
DANGER: TLS certificate validation is disabled for: deno.land
|
||||
error: error sending request for url (https://localhost:5545/subdir/mod2.ts): error trying to connect: invalid peer certificate contents: invalid peer certificate: UnknownIssuer
|
||||
error: error sending request for url (https://localhost:5545/subdir/mod2.ts): error trying to connect: invalid peer certificate: UnknownIssuer
|
||||
at file:///[WILDCARD]/cafile_url_imports.ts:[WILDCARD]
|
||||
|
|
5
cli/tests/testdata/run/websocket_test.ts
vendored
|
@ -161,7 +161,10 @@ Deno.test("websocket error", async () => {
|
|||
assert(err instanceof ErrorEvent);
|
||||
|
||||
// Error message got changed because we don't use warp in test_util
|
||||
assertEquals(err.message, "InvalidData: received corrupt message");
|
||||
assertEquals(
|
||||
err.message,
|
||||
"InvalidData: received corrupt message of type InvalidContentType",
|
||||
);
|
||||
promise1.resolve();
|
||||
};
|
||||
await promise1;
|
||||
|
|
|
@ -1495,6 +1495,18 @@ Deno.test(
|
|||
},
|
||||
);
|
||||
|
||||
Deno.test(
|
||||
{ permissions: { net: true, read: true } },
|
||||
async function fetchSupportsHttpsOverIpAddress() {
|
||||
const caCert = await Deno.readTextFile("cli/tests/testdata/tls/RootCA.pem");
|
||||
const client = Deno.createHttpClient({ caCerts: [caCert] });
|
||||
const res = await fetch("https://localhost:5546/http_version", { client });
|
||||
assert(res.ok);
|
||||
assertEquals(await res.text(), "HTTP/1.1");
|
||||
client.close();
|
||||
},
|
||||
);
|
||||
|
||||
Deno.test(
|
||||
{ permissions: { net: true, read: true } },
|
||||
async function fetchSupportsHttp1Only() {
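Review bot: `fetchSupportsHttpsOverIpAddress` requests `https://localhost:5546/http_version`, which is a hostname, so as written the test does not exercise certificate validation against an IP address, the case the commit title describes. Unless port 5546 forces that path in a way not visible here, the URL should use an IP literal, for example `const res = await fetch("https://127.0.0.1:5546/http_version", { client });`, assuming the test certificate carries a matching IP subject alternative name. `client.close()` also runs only when both assertions pass; wrapping the body in `try { … } finally { client.close(); }` keeps a failed assertion from leaking the client into later tests. The hunk's trailing context opens the next test, whose body is outside the hunk.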
|
||||
|
|
|
@ -1337,7 +1337,7 @@ Deno.test(
|
|||
await assertRejects(
|
||||
() => conn.handshake(),
|
||||
Deno.errors.InvalidData,
|
||||
"BadCertificate",
|
||||
"received fatal alert",
|
||||
);
|
||||
}
|
||||
conn.close();
|
||||
|
@ -1368,7 +1368,7 @@ Deno.test(
|
|||
await assertRejects(
|
||||
() => tlsConn.handshake(),
|
||||
Deno.errors.InvalidData,
|
||||
"CertNotValidForName",
|
||||
"NotValidForName",
|
||||
);
|
||||
tlsConn.close();
|
||||
}
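Review bot: In the first hunk the expected message for `conn.handshake()` appears to become `"received fatal alert"`, which any fatal TLS alert would satisfy, so the test no longer pins that the handshake was rejected because of the certificate. If the error text produced by the upgraded rustls still names the alert, match on that as well, for example `"received fatal alert: BadCertificate"`; the exact format should be confirmed against the real message. The second hunk's `"NotValidForName"` stays specific to a name mismatch. Both `assertRejects` calls sit in tests whose bodies start and end outside the hunks.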
|
||||
|
|
|
@ -9,16 +9,14 @@ pub use webpki_roots;
|
|||
use deno_core::anyhow::anyhow;
|
||||
use deno_core::error::custom_error;
|
||||
use deno_core::error::AnyError;
|
||||
use deno_core::parking_lot::Mutex;
|
||||
|
||||
use rustls::client::HandshakeSignatureValid;
|
||||
use rustls::client::ServerCertVerified;
|
||||
use rustls::client::ServerCertVerifier;
|
||||
use rustls::client::StoresClientSessions;
|
||||
use rustls::client::WebPkiVerifier;
|
||||
use rustls::internal::msgs::handshake::DigitallySignedStruct;
|
||||
use rustls::Certificate;
|
||||
use rustls::ClientConfig;
|
||||
use rustls::DigitallySignedStruct;
|
||||
use rustls::Error;
|
||||
use rustls::PrivateKey;
|
||||
use rustls::RootCertStore;
|
||||
|
@ -27,7 +25,6 @@ use rustls_pemfile::certs;
|
|||
use rustls_pemfile::pkcs8_private_keys;
|
||||
use rustls_pemfile::rsa_private_keys;
|
||||
use serde::Deserialize;
|
||||
use std::collections::HashMap;
|
||||
use std::io::BufRead;
|
||||
use std::io::BufReader;
|
||||
use std::io::Cursor;
|
||||
|
@ -145,26 +142,6 @@ pub struct BasicAuth {
|
|||
pub password: String,
|
||||
}
|
||||
|
||||
#[derive(Default)]
|
||||
struct ClientSessionMemoryCache(Mutex<HashMap<Vec<u8>, Vec<u8>>>);
|
||||
|
||||
impl StoresClientSessions for ClientSessionMemoryCache {
|
||||
fn get(&self, key: &[u8]) -> Option<Vec<u8>> {
|
||||
self.0.lock().get(key).cloned()
|
||||
}
|
||||
|
||||
fn put(&self, key: Vec<u8>, value: Vec<u8>) -> bool {
|
||||
let mut sessions = self.0.lock();
|
||||
// TODO(bnoordhuis) Evict sessions LRU-style instead of arbitrarily.
|
||||
while sessions.len() >= 1024 {
|
||||
let key = sessions.keys().next().unwrap().clone();
|
||||
sessions.remove(&key);
|
||||
}
|
||||
sessions.insert(key, value);
|
||||
true
|
||||
}
|
||||
}
|
||||
|
||||
pub fn create_default_root_cert_store() -> RootCertStore {
|
||||
let mut root_cert_store = RootCertStore::empty();
|
||||
// TODO(@justinmchase): Consider also loading the system keychain here
|
||||
|
@ -293,7 +270,7 @@ fn filter_invalid_encoding_err(
|
|||
to_be_filtered: Result<HandshakeSignatureValid, Error>,
|
||||
) -> Result<HandshakeSignatureValid, Error> {
|
||||
match to_be_filtered {
|
||||
Err(Error::InvalidCertificateEncoding) => {
|
||||
Err(Error::InvalidCertificate(rustls::CertificateError::BadEncoding)) => {
|
||||
Ok(HandshakeSignatureValid::assertion())
|
||||
}
|
||||
res => res,
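Review bot: `filter_invalid_encoding_err` maps `Error::InvalidCertificate(rustls::CertificateError::BadEncoding)` to `Ok(HandshakeSignatureValid::assertion())`, so a certificate that fails to parse is reported as having a valid handshake signature, and nothing in the visible lines says why that is acceptable. The match arm should carry a comment stating the intent and the scope, for example `// BadEncoding is deliberately accepted: only used by the verifier that skips certificate checks for explicitly allowed hosts`, if that is indeed how the callers use it; the callers are not visible here. Without that, a later reader cannot tell a deliberate relaxation from a verification bypass. The function's signature start and its closing lines are outside the hunk.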
|
||||
|
|
|
@ -488,11 +488,11 @@ async fn get_tls_config(
|
|||
|
||||
let mut config = rustls::ServerConfig::builder()
|
||||
.with_safe_defaults()
|
||||
.with_client_cert_verifier(
|
||||
.with_client_cert_verifier(Arc::new(
|
||||
rustls::server::AllowAnyAnonymousOrAuthenticatedClient::new(
|
||||
root_cert_store,
|
||||
),
|
||||
)
|
||||
))
|
||||
.with_single_cert(certs, PrivateKey(key))
|
||||
.map_err(|e| anyhow!("Error setting cert: {:?}", e))
|
||||
.unwrap();
|
||||
|
|