mirror of
https://github.com/denoland/deno.git
synced 2024-12-23 15:49:44 -05:00
fix(ext/net): implement a graceful error on an invalid SSL certificate (#20157)
The goal of this PR is to address issue #19520 where Deno panics when
encountering an invalid SSL certificate.
This PR achieves that goal by removing an `.expect()` statement and
implementing a match statement on `tsl_config` (found in
[/ext/net/ops_tsl.rs](e071382768/ext/net/ops_tls.rs (L1058)
))
to check whether the desired configuration is valid
---------
Co-authored-by: Matt Mastracci <matthew@mastracci.com>
This commit is contained in:
parent
625bd39050
commit
ece2a3de5b
4 changed files with 41 additions and 1 deletions
3
cli/tests/testdata/tls/invalid.crt
vendored
Normal file
3
cli/tests/testdata/tls/invalid.crt
vendored
Normal file
|
@ -0,0 +1,3 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
INVALID
|
||||
-----END CERTIFICATE-----
|
3
cli/tests/testdata/tls/invalid.key
vendored
Normal file
3
cli/tests/testdata/tls/invalid.key
vendored
Normal file
|
@ -0,0 +1,3 @@
|
|||
-----BEGIN PRIVATE KEY-----
|
||||
INVALID
|
||||
-----END PRIVATE KEY-----
|
|
@ -1491,3 +1491,31 @@ Deno.test({
|
|||
});
|
||||
listener.close();
|
||||
});
|
||||
|
||||
Deno.test(
|
||||
{ permissions: { net: true, read: true } },
|
||||
function listenTLSInvalidCert() {
|
||||
assertThrows(() => {
|
||||
Deno.listenTls({
|
||||
hostname: "localhost",
|
||||
port: 3500,
|
||||
certFile: "cli/tests/testdata/tls/invalid.crt",
|
||||
keyFile: "cli/tests/testdata/tls/localhost.key",
|
||||
});
|
||||
}, Deno.errors.InvalidData);
|
||||
},
|
||||
);
|
||||
|
||||
Deno.test(
|
||||
{ permissions: { net: true, read: true } },
|
||||
function listenTLSInvalidKey() {
|
||||
assertThrows(() => {
|
||||
Deno.listenTls({
|
||||
hostname: "localhost",
|
||||
port: 3500,
|
||||
certFile: "cli/tests/testdata/tls/localhost.crt",
|
||||
keyFile: "cli/tests/testdata/tls/invalid.key",
|
||||
});
|
||||
}, Deno.errors.InvalidData);
|
||||
},
|
||||
);
|
||||
|
|
|
@ -1055,7 +1055,13 @@ where
|
|||
.with_safe_defaults()
|
||||
.with_no_client_auth()
|
||||
.with_single_cert(cert_chain, key_der)
|
||||
.expect("invalid key or certificate");
|
||||
.map_err(|e| {
|
||||
custom_error(
|
||||
"InvalidData",
|
||||
format!("Error creating TLS certificate: {:?}", e),
|
||||
)
|
||||
})?;
|
||||
|
||||
if let Some(alpn_protocols) = args.alpn_protocols {
|
||||
tls_config.alpn_protocols =
|
||||
alpn_protocols.into_iter().map(|s| s.into_bytes()).collect();
|
||||
|
|
Loading…
Reference in a new issue