fix(ext/net): implement a graceful error on an invalid SSL certificate (#20157)

The goal of this PR is to address issue #19520 where Deno panics when encountering an invalid SSL certificate. This PR achieves that goal by removing an `.expect()` statement and implementing a match statement on `tsl_config` (found in [/ext/net/ops_tsl.rs](e071382768/ext/net/ops_tls.rs (L1058))) to check whether the desired configuration is valid --------- Co-authored-by: Matt Mastracci <matthew@mastracci.com>
2024-11-21 15:04:11 -05:00 · 2023-08-14 20:11:12 -04:00 · 2023-08-14 20:11:12 -04:00 · ece2a3de5b
commit ece2a3de5b
parent 625bd39050
4 changed files with 41 additions and 1 deletions
--- a/cli/tests/testdata/tls/invalid.crt
+++ b/cli/tests/testdata/tls/invalid.crt
@ -0,0 +1,3 @@
+-----BEGIN CERTIFICATE-----
+INVALID
+-----END CERTIFICATE-----
--- a/cli/tests/testdata/tls/invalid.key
+++ b/cli/tests/testdata/tls/invalid.key
@ -0,0 +1,3 @@
+-----BEGIN PRIVATE KEY-----
+INVALID
+-----END PRIVATE KEY-----
--- a/cli/tests/unit/tls_test.ts
+++ b/cli/tests/unit/tls_test.ts
@ -1491,3 +1491,31 @@ Deno.test({
  });
  listener.close();
 });
+
+Deno.test(
+  { permissions: { net: true, read: true } },
+  function listenTLSInvalidCert() {
+    assertThrows(() => {
+      Deno.listenTls({
+        hostname: "localhost",
+        port: 3500,
+        certFile: "cli/tests/testdata/tls/invalid.crt",
+        keyFile: "cli/tests/testdata/tls/localhost.key",
+      });
+    }, Deno.errors.InvalidData);
+  },
+);
+
+Deno.test(
+  { permissions: { net: true, read: true } },
+  function listenTLSInvalidKey() {
+    assertThrows(() => {
+      Deno.listenTls({
+        hostname: "localhost",
+        port: 3500,
+        certFile: "cli/tests/testdata/tls/localhost.crt",
+        keyFile: "cli/tests/testdata/tls/invalid.key",
+      });
+    }, Deno.errors.InvalidData);
+  },
+);
--- a/ext/net/ops_tls.rs
+++ b/ext/net/ops_tls.rs
@ -1055,7 +1055,13 @@ where
    .with_safe_defaults()
    .with_no_client_auth()
    .with_single_cert(cert_chain, key_der)
-    .expect("invalid key or certificate");
+    .map_err(|e| {
+      custom_error(
+        "InvalidData",
+        format!("Error creating TLS certificate: {:?}", e),
+      )
+    })?;
+
  if let Some(alpn_protocols) = args.alpn_protocols {
    tls_config.alpn_protocols =
      alpn_protocols.into_iter().map(|s| s.into_bytes()).collect();