1
0
Fork 0
mirror of https://github.com/denoland/deno.git synced 2024-12-31 19:44:10 -05:00
Commit graph

26 commits

Author SHA1 Message Date
Matt Mastracci
684377c92c
refactor(ext/tls): Implement required functionality for later SNI support (#23686)
Precursor to #23236 

This implements the SNI features, but uses private symbols to avoid
exposing the functionality at this time. Note that to properly test this
feature, we need to add a way for `connectTls` to specify a hostname.
This is something that should be pushed into that API at a later time as
well.

```ts
Deno.test(
  { permissions: { net: true, read: true } },
  async function listenResolver() {
    let sniRequests = [];
    const listener = Deno.listenTls({
      hostname: "localhost",
      port: 0,
      [resolverSymbol]: (sni: string) => {
        sniRequests.push(sni);
        return {
          cert,
          key,
        };
      },
    });

    {
      const conn = await Deno.connectTls({
        hostname: "localhost",
        [serverNameSymbol]: "server-1",
        port: listener.addr.port,
      });
      const [_handshake, serverConn] = await Promise.all([
        conn.handshake(),
        listener.accept(),
      ]);
      conn.close();
      serverConn.close();
    }

    {
      const conn = await Deno.connectTls({
        hostname: "localhost",
        [serverNameSymbol]: "server-2",
        port: listener.addr.port,
      });
      const [_handshake, serverConn] = await Promise.all([
        conn.handshake(),
        listener.accept(),
      ]);
      conn.close();
      serverConn.close();
    }

    assertEquals(sniRequests, ["server-1", "server-2"]);
    listener.close();
  },
);
```

---------

Signed-off-by: Matt Mastracci <matthew@mastracci.com>
2024-05-09 10:54:47 -06:00
Matt Mastracci
8c9caeb418
chore: rework TLS code in test server (#23566)
In order to make the reqwest/rustls upgrade more straightforward, we
refactor the test server to depend on deno_tls.
2024-04-25 17:00:04 -04:00
Matt Mastracci
cb12a93503
refactor(ext/tls): use cppgc to deduplicate the tls key loading code (#23289)
Pass the certificates and key files as CPPGC objects.

Towards #23233
2024-04-08 15:01:02 -06:00
MAKS11060
e3833b5a52
fix(ext/tls): add support EC private key (#23261)
Deno works with the `EC` key, but cannot recognize it.
This code works correctly if the prefix 'EC' is removed.

```typescript
const cert = `-----BEGIN CERTIFICATE-----
MIICqjCCAZKgAwIBAgIULvZQk8us6eYdpKZraHVkW8YKL/IwDQYJKoZIhvcNAQEL
BQAwJzELMAkGA1UEBhMCVVMxGDAWBgNVBAMMD0V4YW1wbGUtUm9vdC1DQTAgFw0y
NDA0MDYwNzM4MDlaGA8yMTIzMDMxNDA3MzgwOVowbTELMAkGA1UEBhMCVVMxEjAQ
BgNVBAgMCVlvdXJTdGF0ZTERMA8GA1UEBwwIWW91ckNpdHkxHTAbBgNVBAoMFEV4
YW1wbGUtQ2VydGlmaWNhdGVzMRgwFgYDVQQDDA9sb2NhbGhvc3QubG9jYWwwWTAT
BgcqhkjOPQIBBggqhkjOPQMBBwNCAATWOALcgzz4LbNikhjVGpkOCUmR8NahjfFw
9pNBuyZnaTcjfeGfiPaV0iQqvTuQnmL+fTBw8PKxzlKGpzsodQaWo1EwTzAfBgNV
HSMEGDAWgBTzut+pwwDfqmMYcI9KNWRDhxcIpTAJBgNVHRMEAjAAMAsGA1UdDwQE
AwIE8DAUBgNVHREEDTALgglsb2NhbGhvc3QwDQYJKoZIhvcNAQELBQADggEBABWp
5LsGj5mWGIy7XpksXb0k2e3fUh+CobNl4JbvE7em68nuyojm0+/vEs8Bpd9vJaUo
tU1btyTO8xUlOGeyNa9Ddd2gj3oB8IGMjxhazWTSDseZ/WqBt6OudPMmnj+jPRQL
8Hb0vyXfmabZnWO9WH9/tcCoGdUdKo2KYN/7M2ojSeRq/4BIL08lC2SVX8DlBG40
8aj3FJo9xsUG59NI31iXVN1UPEN2pakKRJdSVdpbBjxDaEoLw/TB02gqfA43T1fU
wKz+0UYxSCjeW0lOZ3wlaNN2KqiHLuQ6ePG5kqD8aRufmYWK/ImlO/ZiSX60GiPu
K1cC6aWEohOhx+k424Y=
-----END CERTIFICATE-----`
const key = `-----BEGIN EC PRIVATE KEY-----
MHcCAQEEILL8H0x2ZP/ZZ+CwmKLS/zRleO7k7NBgWH0P767zYvlVoAoGCCqGSM49
AwEHoUQDQgAE1jgC3IM8+C2zYpIY1RqZDglJkfDWoY3xcPaTQbsmZ2k3I33hn4j2
ldIkKr07kJ5i/n0wcPDysc5Shqc7KHUGlg==
-----END EC PRIVATE KEY-----`

const config: Deno.ServeTlsOptions = {
  cert,
  // key, // not working // error: Uncaught (in promise) InvalidData: No keys found in key file
  key: key.replaceAll(' EC', ''), // remove ' EC'. it works
}

Deno.serve(config, (r) => Response.json('ok'))
```
2024-04-08 11:36:34 -06:00
Matt Mastracci
dcbbcd23f5
refactor: split integration tests from CLI (part 1) (#22308)
This PR separates integration tests from CLI tests into a new project
named `cli_tests`. This is a prerequisite for an integration test runner
that can work with either the CLI binary in the current project, or one
that is built ahead of time.

## Background

Rust does not have the concept of artifact dependencies yet
(https://github.com/rust-lang/cargo/issues/9096). Because of this, the
only way we can ensure a binary is built before running associated tests
is by hanging tests off the crate with the binary itself.

Unfortunately this means that to run those tests, you _must_ build the
binary and in the case of the deno executable that might be a 10 minute
wait in release mode.

## Implementation

To allow for tests to run with and without the requirement that the
binary is up-to-date, we split the integration tests into a project of
their own. As these tests would not require the binary to build itself
before being run as-is, we add a stub integration `[[test]]` target in
the `cli` project that invokes these tests using `cargo test`.

The stub test runner we add has `harness = false` so that we can get
access to a `main` function. This `main` function's sole job is to
`execvp` the command `cargo test -p deno_cli`, effectively "calling"
another cargo target.

This ensures that the deno executable is always correctly rebuilt before
running the stub test runner from `cli`, and gets us closer to be able
to run the entire integration test suite on arbitrary deno executables
(and therefore split the build into multiple phases).

The new `cli_tests` project lives within `cli` to avoid a large PR. In
later PRs, the test data will be split from the `cli` project. As there
are a few thousand files, it'll be better to do this as a completely
separate PR to avoid noise.
2024-02-09 13:33:05 -07:00
David Sherret
7e72f3af61
chore: update copyright to 2024 (#21753) 2024-01-01 19:58:21 +00:00
Matt Mastracci
42c426e769
feat(ext/websocket): websockets over http2 (#21040)
Implements `WebSocket` over http/2. This requires a conformant http/2
server supporting the extended connect protocol.

Passes approximately 100 new WPT tests (mostly `?wpt_flags=h2` versions
of existing websockets APIs).

This is implemented as a fallback when http/1.1 fails, so a server that
supports both h1 and h2 WebSockets will still end up on the http/1.1
upgrade path.

The patch also cleas up the websockets handshake to split it up into
http, https+http1 and https+http2, making it a little less intertwined.

This uncovered a likely bug in the WPT test server:
https://github.com/web-platform-tests/wpt/issues/42896
2023-11-01 21:11:01 +00:00
Divy Srivastava
ba6bd444b6
perf: use deno_native_certs crate (#18072)
Fixes #18071 

Replace `rustls_native_certs` which links to Security framework.
https://github.com/denoland/deno_native_certs uses dlopen to lazy load
when needed.
2023-10-31 12:55:46 +01:00
Matt Mastracci
8bb4e10881
fix(ext/tls): upgrade webpki version (#20285)
This removes a webpki version that was showing up as vulnerable to
https://github.com/briansmith/webpki/issues/69.

Needed to upgrade `reqwest` as part of this.
2023-08-25 23:40:25 +02:00
Bartek Iwańczuk
cb87cb0283
fix: support "fetch" over HTTPS for IP addresses (#18499)
This commit adds support for connecting to IP addresses over HTTPS.

This is done by updating "rustls" to "0.21.0" and other related crates.

Closes https://github.com/denoland/deno/issues/7660
Closes https://github.com/denoland/deno/issues/17967

---------

Co-authored-by: Divy Srivastava <dj.srivastava23@gmail.com>
2023-05-17 02:19:23 +02:00
David Sherret
913176313b
perf: lazily create RootCertStore (#18938) 2023-05-01 16:42:05 -04:00
Matt Mastracci
e55b448730
feat(core) deno_core::extension! macro to simplify extension registration (#18210)
This implements two macros to simplify extension registration and centralize a lot of the boilerplate as a base for future improvements:

* `deno_core::ops!` registers a block of `#[op]`s, optionally with type
parameters, useful for places where we share lists of ops
* `deno_core::extension!` is used to register an extension, and creates
two methods that can be used at runtime/snapshot generation time:
`init_ops` and `init_ops_and_esm`.

---------

Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
2023-03-17 18:22:15 +00:00
Bartek Iwańczuk
44e67df1cd
fix: Split extension registration and snapshotting (#18098)
This commit partially reverts changes from
https://github.com/denoland/deno/pull/18095.

Turns out I made a mistake that became apparent when working
on removing "RuntimeOptions::extensions_with_js" in a follow up.
2023-03-09 21:09:45 +01:00
Leo Kettmeir
c41d4ff90e
feat(core): allow specifying name and dependencies of an Extension (#17301) 2023-01-08 23:48:46 +01:00
David Sherret
10e4b2e140
chore: update copyright year to 2023 (#17247)
Yearly tradition of creating extra noise in git.
2023-01-02 21:00:42 +00:00
Aleksei Kosyrev
037466e9cd
fix(ext/tls): ability to ignore IP-address certificate errors (#14610) 2022-05-18 13:32:12 +02:00
Ryan Dahl
1fb5858009
chore: update copyright to 2022 (#13306)
Co-authored-by: Erfan Safari <erfanshield@outlook.com>
2022-01-07 22:09:52 -05:00
Divy Srivastava
6de53b631f
refactor: use once_cell instead of lazy_static (#13135) 2021-12-18 16:14:42 -05:00
Ryan Dahl
a2f1357fe8
chore: upgrade to rustls 0.20 (#12488)
Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
Co-authored-by: Bert Belder <bertbelder@gmail.com>
2021-12-07 00:48:11 +01:00
Ryan Dahl
14f4102ece
refactor: deno_tls does not depend on reqwest (#12961) 2021-12-01 13:20:34 -05:00
Ryan Dahl
084caffc08
refactor: cli doesn't need to depend on deno_tls (#12952)
also move create_http_client to deno_fetch
2021-12-01 11:13:11 -05:00
Ryan Dahl
b2036a4db7
refactor: re-export anyhow from deno_core (#12777) 2021-11-16 09:02:28 -05:00
Andreu Botella
e39dace8cb
fix(tls): Make TLS clients support HTTP/2 (#12530)
`fetch()` and client-side websocket used to support HTTP/2, but this
regressed in #11491. This patch reenables it by explicitly adding `h2`
and `http/1.1` to the list of ALPN protocols on the HTTP and websocket
clients.
2021-10-25 18:41:06 +02:00
Luca Casonato
0d7a417f33
feat(tls): custom in memory CA certificates (#12219)
This adds support for using in memory CA certificates for
`Deno.startTLS`, `Deno.connectTLS` and `Deno.createHttpClient`.

`certFile` is deprecated in `startTls` and `connectTls`, and removed
from `Deno.createHttpClient`.
2021-09-30 09:26:15 +02:00
Sean Michael Wykes
dccf4cbe36
feat(fetch): mTLS client certificates for fetch() (#11721)
This commit adds support for specifying client certificates when using fetch, by means of `Deno.createHttpClient`.
2021-08-25 14:25:12 +02:00
Ryan Dahl
a0285e2eb8
Rename extensions/ directory to ext/ (#11643) 2021-08-11 12:27:05 +02:00
Renamed from extensions/tls/lib.rs (Browse further)