Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Proposal: replace certFile in Deno.ConnectTlsOptions with caCerts #11608

Closed
lucacasonato opened this issue Aug 7, 2021 · 0 comments · Fixed by #12219
Closed

Proposal: replace certFile in Deno.ConnectTlsOptions with caCerts #11608

lucacasonato opened this issue Aug 7, 2021 · 0 comments · Fixed by #12219
Labels
breaking change a change or feature that breaks existing semantics feat new feature (which has been agreed to/accepted) public API related to "Deno" namespace in JS runtime Relates to code in the runtime crate

Comments

@lucacasonato
Copy link
Member

The naming of the certFile argument in Deno.ConnectTlsOptions is horrendous because certFile is ambiguous if it is a CA certificate, or a client mTLS cert. It should be caFile. Really it should be caData though, with it being the users responsibility to read the file from disk. Even more really it should be caCerts, taking an array of certificates (as string, encoded as PEM) to add to the trust store.

Client certificates for mTLS should end up in the certChain and privateKey fields of the Deno.ConnectTlsOptions, both taking a string encoded as PEM.

Because the removal of certFile would be a breaking change, let's deprecate the field in the next release (1.13) using @deprecated, and introduce the caCerts option.

The same change should apply to createHttpClient and startTls.

Any objections?
@lucacasonato lucacasonato added public API related to "Deno" namespace in JS breaking change a change or feature that breaks existing semantics runtime Relates to code in the runtime crate suggestion suggestions for new features (yet to be agreed) labels Aug 7, 2021
@lucacasonato lucacasonato added feat new feature (which has been agreed to/accepted) and removed suggestion suggestions for new features (yet to be agreed) labels Sep 25, 2021
@lucacasonato lucacasonato mentioned this issue Sep 25, 2021
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
breaking change a change or feature that breaks existing semantics feat new feature (which has been agreed to/accepted) public API related to "Deno" namespace in JS runtime Relates to code in the runtime crate
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

feat(tls): custom in memory CA certificates lucacasonato/deno
1 participant
@lucacasonato