1
0
Fork 0
mirror of https://github.com/denoland/deno.git synced 2024-11-30 16:40:57 -05:00
denoland-deno/cli/tests/testdata/tls
Evan ece2a3de5b
fix(ext/net): implement a graceful error on an invalid SSL certificate (#20157)
The goal of this PR is to address issue #19520 where Deno panics when
encountering an invalid SSL certificate.

This PR achieves that goal by removing an `.expect()` statement and
implementing a match statement on `tsl_config` (found in
[/ext/net/ops_tsl.rs](e071382768/ext/net/ops_tls.rs (L1058)))
to check whether the desired configuration is valid

---------

Co-authored-by: Matt Mastracci <matthew@mastracci.com>
2023-08-15 00:11:12 +00:00
..
domains.txt chore: move test files to testdata directory (#11601) 2021-08-11 10:20:47 -04:00
invalid.crt fix(ext/net): implement a graceful error on an invalid SSL certificate (#20157) 2023-08-15 00:11:12 +00:00
invalid.key fix(ext/net): implement a graceful error on an invalid SSL certificate (#20157) 2023-08-15 00:11:12 +00:00
localhost.crt chore: move test files to testdata directory (#11601) 2021-08-11 10:20:47 -04:00
localhost.key chore: move test files to testdata directory (#11601) 2021-08-11 10:20:47 -04:00
README.md chore: move test files to testdata directory (#11601) 2021-08-11 10:20:47 -04:00
RootCA.crt chore: move test files to testdata directory (#11601) 2021-08-11 10:20:47 -04:00
RootCA.key chore: move test files to testdata directory (#11601) 2021-08-11 10:20:47 -04:00
RootCA.pem chore: move test files to testdata directory (#11601) 2021-08-11 10:20:47 -04:00

The certificates in this dir expire on Sept, 27th, 2118

Certificates generated using original instructions from this gist: https://gist.github.com/cecilemuller/9492b848eb8fe46d462abeb26656c4f8

Certificate authority (CA)

Generate RootCA.pem, RootCA.key, RootCA.crt:

openssl req -x509 -nodes -new -sha256 -days 36135 -newkey rsa:2048 -keyout RootCA.key -out RootCA.pem -subj "/C=US/CN=Example-Root-CA"
openssl x509 -outform pem -in RootCA.pem -out RootCA.crt

Note that Example-Root-CA is an example, you can customize the name.

Domain name certificate

First, create a file domains.txt that lists all your local domains (here we only list localhost):

authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
subjectAltName = @alt_names
[alt_names]
DNS.1 = localhost

Generate localhost.key, localhost.csr, and localhost.crt:

openssl req -new -nodes -newkey rsa:2048 -keyout localhost.key -out localhost.csr -subj "/C=US/ST=YourState/L=YourCity/O=Example-Certificates/CN=localhost.local"
openssl x509 -req -sha256 -days 36135 -in localhost.csr -CA RootCA.pem -CAkey RootCA.key -CAcreateserial -extfile domains.txt -out localhost.crt

Note that the country / state / city / name in the first command can be customized.

For testing purposes we need following files:

  • RootCA.crt
  • RootCA.key
  • RootCA.pem
  • localhost.crt
  • localhost.key