1
0
Fork 0
mirror of https://github.com/denoland/deno.git synced 2024-12-23 15:49:44 -05:00

fix(ext/net): implement a graceful error on an invalid SSL certificate (#20157)

The goal of this PR is to address issue #19520 where Deno panics when
encountering an invalid SSL certificate.

This PR achieves that goal by removing an `.expect()` statement and
implementing a match statement on `tsl_config` (found in
[/ext/net/ops_tsl.rs](e071382768/ext/net/ops_tls.rs (L1058)))
to check whether the desired configuration is valid

---------

Co-authored-by: Matt Mastracci <matthew@mastracci.com>
This commit is contained in:
Evan 2023-08-14 20:11:12 -04:00 committed by GitHub
parent 625bd39050
commit ece2a3de5b
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 41 additions and 1 deletions

3
cli/tests/testdata/tls/invalid.crt vendored Normal file
View file

@ -0,0 +1,3 @@
-----BEGIN CERTIFICATE-----
INVALID
-----END CERTIFICATE-----

3
cli/tests/testdata/tls/invalid.key vendored Normal file
View file

@ -0,0 +1,3 @@
-----BEGIN PRIVATE KEY-----
INVALID
-----END PRIVATE KEY-----

View file

@ -1491,3 +1491,31 @@ Deno.test({
});
listener.close();
});
Deno.test(
{ permissions: { net: true, read: true } },
function listenTLSInvalidCert() {
assertThrows(() => {
Deno.listenTls({
hostname: "localhost",
port: 3500,
certFile: "cli/tests/testdata/tls/invalid.crt",
keyFile: "cli/tests/testdata/tls/localhost.key",
});
}, Deno.errors.InvalidData);
},
);
Deno.test(
{ permissions: { net: true, read: true } },
function listenTLSInvalidKey() {
assertThrows(() => {
Deno.listenTls({
hostname: "localhost",
port: 3500,
certFile: "cli/tests/testdata/tls/localhost.crt",
keyFile: "cli/tests/testdata/tls/invalid.key",
});
}, Deno.errors.InvalidData);
},
);

View file

@ -1055,7 +1055,13 @@ where
.with_safe_defaults()
.with_no_client_auth()
.with_single_cert(cert_chain, key_der)
.expect("invalid key or certificate");
.map_err(|e| {
custom_error(
"InvalidData",
format!("Error creating TLS certificate: {:?}", e),
)
})?;
if let Some(alpn_protocols) = args.alpn_protocols {
tls_config.alpn_protocols =
alpn_protocols.into_iter().map(|s| s.into_bytes()).collect();