BREAKING(net): remove Deno.ConnectTlsOptions.{certChain,certFile,privateKey} and Deno.ListenTlsOptions.certChain,certFile,keyFile} (#25525)

Towards #22079
This commit is contained in:
Asher Gomez 2024-09-11 07:55:42 +10:00 committed by GitHub
parent be0ba6d84f
commit ace1202227
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
11 changed files with 29 additions and 516 deletions

View File

@ -5356,7 +5356,7 @@ declare namespace Deno {
export function serve(
options:
| ServeTcpOptions
| (ServeTcpOptions & TlsCertifiedKeyOptions),
| (ServeTcpOptions & TlsCertifiedKeyPem),
handler: ServeHandler<Deno.NetAddr>,
): HttpServer<Deno.NetAddr>;
/** Serves HTTP requests with the given option bag.
@ -5413,7 +5413,7 @@ declare namespace Deno {
*/
export function serve(
options:
& (ServeTcpOptions | (ServeTcpOptions & TlsCertifiedKeyOptions))
& (ServeTcpOptions | (ServeTcpOptions & TlsCertifiedKeyPem))
& ServeInit<Deno.NetAddr>,
): HttpServer<Deno.NetAddr>;

View File

@ -168,7 +168,7 @@ declare namespace Deno {
* @experimental
*/
export function createHttpClient(
options: CreateHttpClientOptions & TlsCertifiedKeyOptions,
options: CreateHttpClientOptions & TlsCertifiedKeyPem,
): HttpClient;
/** **UNSTABLE**: New API, yet to be vetted.

View File

@ -13,7 +13,6 @@ import {
op_tls_handshake,
op_tls_key_null,
op_tls_key_static,
op_tls_key_static_from_file,
op_tls_start,
} from "ext:core/ops";
const {
@ -50,45 +49,23 @@ async function connectTls({
alpnProtocols = undefined,
keyFormat = undefined,
cert = undefined,
certFile = undefined,
certChain = undefined,
key = undefined,
keyFile = undefined,
privateKey = undefined,
}) {
if (transport !== "tcp") {
throw new TypeError(`Unsupported transport: '${transport}'`);
}
let deprecatedCertFile = undefined;
// Deno.connectTls has an irregular option where you can just pass `certFile` and
// not `keyFile`. In this case it's used for `caCerts` rather than the client key.
if (certFile !== undefined && keyFile === undefined) {
internals.warnOnDeprecatedApi(
"Deno.ConnectTlsOptions.certFile",
new Error().stack,
"Pass the cert file's contents to the `Deno.ConnectTlsOptions.caCerts` option instead.",
);
deprecatedCertFile = certFile;
certFile = undefined;
}
const keyPair = loadTlsKeyPair("Deno.connectTls", {
keyFormat,
cert,
certFile,
certChain,
key,
keyFile,
privateKey,
});
// TODO(mmastrac): We only expose this feature via symbol for now. This should actually be a feature
// in Deno.connectTls, however.
const serverName = arguments[0][serverNameSymbol] ?? null;
const { 0: rid, 1: localAddr, 2: remoteAddr } = await op_net_connect_tls(
{ hostname, port },
{ certFile: deprecatedCertFile, caCerts, alpnProtocols, serverName },
{ caCerts, alpnProtocols, serverName },
keyPair,
);
localAddr.transport = "tcp";
@ -137,10 +114,7 @@ function hasTlsKeyPairOptions(options) {
if (options[resolverSymbol] !== undefined) {
return true;
}
return (options.cert !== undefined || options.key !== undefined ||
options.certFile !== undefined ||
options.keyFile !== undefined || options.privateKey !== undefined ||
options.certChain !== undefined);
return (options.cert !== undefined || options.key !== undefined);
}
/**
@ -150,19 +124,8 @@ function hasTlsKeyPairOptions(options) {
function loadTlsKeyPair(api, {
keyFormat,
cert,
certFile,
certChain,
key,
keyFile,
privateKey,
}) {
if (internals.future) {
certFile = undefined;
certChain = undefined;
keyFile = undefined;
privateKey = undefined;
}
// TODO(mmastrac): remove this temporary symbol when the API lands
if (arguments[1][resolverSymbol] !== undefined) {
return createTlsKeyResolver(arguments[1][resolverSymbol]);
@ -173,68 +136,18 @@ function loadTlsKeyPair(api, {
throw new TypeError('If `keyFormat` is specified, it must be "pem"');
}
function exclusive(a1, a1v, a2, a2v) {
if (a1v !== undefined && a2v !== undefined) {
throw new TypeError(
`Cannot specify both \`${a1}\` and \`${a2}\` for \`${api}\`.`,
);
}
if (cert !== undefined && key === undefined) {
throw new TypeError(
`If \`cert\` is specified, \`key\` must be specified as well for \`${api}\`.`,
);
}
if (cert === undefined && key !== undefined) {
throw new TypeError(
`If \`key\` is specified, \`cert\` must be specified as well for \`${api}\`.`,
);
}
// Ensure that only one pair is valid
exclusive("certChain", certChain, "cert", cert);
exclusive("certChain", certChain, "certFile", certFile);
exclusive("key", key, "keyFile", keyFile);
exclusive("key", key, "privateKey", privateKey);
function both(a1, a1v, a2, a2v) {
if (a1v !== undefined && a2v === undefined) {
throw new TypeError(
`If \`${a1}\` is specified, \`${a2}\` must be specified as well for \`${api}\`.`,
);
}
if (a1v === undefined && a2v !== undefined) {
throw new TypeError(
`If \`${a2}\` is specified, \`${a1}\` must be specified as well for \`${api}\`.`,
);
}
}
// Pick one pair of cert/key, certFile/keyFile or certChain/privateKey
both("cert", cert, "key", key);
both("certFile", certFile, "keyFile", keyFile);
both("certChain", certChain, "privateKey", privateKey);
if (certFile !== undefined) {
internals.warnOnDeprecatedApi(
"Deno.TlsCertifiedKeyOptions.keyFile",
new Error().stack,
"Pass the key file's contents to the `Deno.TlsCertifiedKeyPem.key` option instead.",
);
internals.warnOnDeprecatedApi(
"Deno.TlsCertifiedKeyOptions.certFile",
new Error().stack,
"Pass the cert file's contents to the `Deno.TlsCertifiedKeyPem.cert` option instead.",
);
return op_tls_key_static_from_file(api, certFile, keyFile);
} else if (certChain !== undefined) {
if (api !== "Deno.connectTls") {
throw new TypeError(
`Invalid options 'certChain' and 'privateKey' for ${api}`,
);
}
internals.warnOnDeprecatedApi(
"Deno.TlsCertifiedKeyOptions.privateKey",
new Error().stack,
"Use the `Deno.TlsCertifiedKeyPem.key` option instead.",
);
internals.warnOnDeprecatedApi(
"Deno.TlsCertifiedKeyOptions.certChain",
new Error().stack,
"Use the `Deno.TlsCertifiedKeyPem.cert` option instead.",
);
return op_tls_key_static(certChain, privateKey);
} else if (cert !== undefined) {
if (cert !== undefined) {
return op_tls_key_static(cert, key);
} else {
return op_tls_key_null();

View File

@ -232,16 +232,6 @@ declare namespace Deno {
options: UnixListenOptions & { transport: "unix" },
): UnixListener;
/** Provides TLS certified keys, ie: a key that has been certified by a trusted certificate authority.
* A certified key generally consists of a private key and certificate part.
*
* @category Network
*/
export type TlsCertifiedKeyOptions =
| TlsCertifiedKeyPem
| TlsCertifiedKeyFromFile
| TlsCertifiedKeyConnectTls;
/**
* Provides certified key material from strings. The key material is provided in
* `PEM`-format (Privacy Enhanced Mail, https://www.rfc-editor.org/rfc/rfc1422) which can be identified by having
@ -268,59 +258,6 @@ declare namespace Deno {
cert: string;
}
/**
* @deprecated This will be removed in Deno 2.0. See the
* {@link https://docs.deno.com/runtime/manual/advanced/migrate_deprecations | Deno 1.x to 2.x Migration Guide}
* for migration instructions.
*
* @category Network
*/
export interface TlsCertifiedKeyFromFile {
/** Path to a file containing a PEM formatted CA certificate. Requires
* `--allow-read`.
*
* @tags allow-read
* @deprecated This will be removed in Deno 2.0. See the
* {@link https://docs.deno.com/runtime/manual/advanced/migrate_deprecations | Deno 1.x to 2.x Migration Guide}
* for migration instructions.
*/
certFile: string;
/** Path to a file containing a private key file. Requires `--allow-read`.
*
* @tags allow-read
* @deprecated This will be removed in Deno 2.0. See the
* {@link https://docs.deno.com/runtime/manual/advanced/migrate_deprecations | Deno 1.x to 2.x Migration Guide}
* for migration instructions.
*/
keyFile: string;
}
/**
* @deprecated This will be removed in Deno 2.0. See the
* {@link https://docs.deno.com/runtime/manual/advanced/migrate_deprecations | Deno 1.x to 2.x Migration Guide}
* for migration instructions.
*
* @category Network
*/
export interface TlsCertifiedKeyConnectTls {
/**
* Certificate chain in `PEM` format.
*
* @deprecated This will be removed in Deno 2.0. See the
* {@link https://docs.deno.com/runtime/manual/advanced/migrate_deprecations | Deno 1.x to 2.x Migration Guide}
* for migration instructions.
*/
certChain: string;
/**
* Private key in `PEM` format. RSA, EC, and PKCS8-format keys are supported.
*
* @deprecated This will be removed in Deno 2.0. See the
* {@link https://docs.deno.com/runtime/manual/advanced/migrate_deprecations | Deno 1.x to 2.x Migration Guide}
* for migration instructions.
*/
privateKey: string;
}
/** @category Network */
export interface ListenTlsOptions extends TcpListenOptions {
transport?: "tcp";
@ -349,7 +286,7 @@ declare namespace Deno {
* @category Network
*/
export function listenTls(
options: ListenTlsOptions & TlsCertifiedKeyOptions,
options: ListenTlsOptions & TlsCertifiedKeyPem,
): TlsListener;
/** @category Network */
@ -430,16 +367,6 @@ declare namespace Deno {
*
* @default {"127.0.0.1"} */
hostname?: string;
/** Path to a file containing a PEM formatted list of root certificates that will
* be used in addition to the default root certificates to verify the peer's certificate. Requires
* `--allow-read`.
*
* @tags allow-read
* @deprecated This will be removed in Deno 2.0. See the
* {@link https://docs.deno.com/runtime/manual/advanced/migrate_deprecations | Deno 1.x to 2.x Migration Guide}
* for migration instructions.
*/
certFile?: string;
/** A list of root certificates that will be used in addition to the
* default root certificates to verify the peer's certificate.
*
@ -493,7 +420,7 @@ declare namespace Deno {
* @category Network
*/
export function connectTls(
options: ConnectTlsOptions & TlsCertifiedKeyOptions,
options: ConnectTlsOptions & TlsCertifiedKeyPem,
): Promise<TlsConn>;
/** @category Network */

View File

@ -115,7 +115,6 @@ deno_core::extension!(deno_net,
ops_tls::op_tls_key_null,
ops_tls::op_tls_key_static,
ops_tls::op_tls_key_static_from_file<P>,
ops_tls::op_tls_cert_resolver_create,
ops_tls::op_tls_cert_resolver_poll,
ops_tls::op_tls_cert_resolver_resolve,

View File

@ -34,8 +34,6 @@ use deno_tls::new_resolver;
use deno_tls::rustls::pki_types::ServerName;
use deno_tls::rustls::ClientConnection;
use deno_tls::rustls::ServerConfig;
use deno_tls::webpki::types::CertificateDer;
use deno_tls::webpki::types::PrivateKeyDer;
use deno_tls::ServerConfigProvider;
use deno_tls::SocketUse;
use deno_tls::TlsKey;
@ -213,32 +211,6 @@ pub fn op_tls_key_static(
Ok(TlsKeysHolder::from(TlsKeys::Static(TlsKey(cert, key))))
}
/// Legacy op -- will be removed in Deno 2.0.
#[op2]
#[cppgc]
pub fn op_tls_key_static_from_file<NP>(
state: &mut OpState,
#[string] api: String,
#[string] cert_file: String,
#[string] key_file: String,
) -> Result<TlsKeysHolder, AnyError>
where
NP: NetPermissions + 'static,
{
{
let permissions = state.borrow_mut::<NP>();
permissions.check_read(Path::new(&cert_file), &api)?;
permissions.check_read(Path::new(&key_file), &api)?;
}
let cert = load_certs_from_file(&cert_file)?;
let key = load_private_keys_from_file(&key_file)?
.into_iter()
.next()
.unwrap();
Ok(TlsKeysHolder::from(TlsKeys::Static(TlsKey(cert, key))))
}
#[op2]
pub fn op_tls_cert_resolver_create<'s>(
scope: &mut v8::HandleScope<'s>,
@ -455,21 +427,6 @@ where
Ok((rid, IpAddr::from(local_addr), IpAddr::from(remote_addr)))
}
fn load_certs_from_file(
path: &str,
) -> Result<Vec<CertificateDer<'static>>, AnyError> {
let cert_file = File::open(path)?;
let reader = &mut BufReader::new(cert_file);
load_certs(reader)
}
fn load_private_keys_from_file(
path: &str,
) -> Result<Vec<PrivateKeyDer<'static>>, AnyError> {
let key_bytes = std::fs::read(path)?;
load_private_keys(&key_bytes)
}
#[derive(Deserialize)]
#[serde(rename_all = "camelCase")]
pub struct ListenTlsArgs {

View File

@ -31,40 +31,6 @@ try {
}
}
// Note: this could throw with a `Deno.errors.NotFound` error if `keyFile` and
// `certFile` were used.
const conn1 = await Deno.connectTls({
port: tlsPort,
certFile: "foo",
keyFile: "foo",
});
conn1.close();
console.log("Deno.ConnectTlsOptions.(certFile|keyFile) do nothing");
// Note: this could throw with a `Deno.errors.InvalidData` error if `certChain`
// and `privateKey` were used.
const conn2 = await Deno.connectTls({
port: tlsPort,
certChain: "foo",
privateKey: "foo",
});
conn2.close();
console.log("Deno.ConnectTlsOptions.(certChain|privateKey) do nothing");
tlsListener.close();
// Note: this could throw with a `Deno.errors.NotFound` error if `keyFile` and
// `certFile` were used.
try {
Deno.listenTls({ port: tlsPort, keyFile: "foo", certFile: "foo" });
} catch (error) {
if (
error instanceof Deno.errors.InvalidData &&
error.message ===
"Deno.listenTls requires a key: Error creating TLS certificate"
) {
console.log("Deno.ListenTlsOptions.(keyFile|certFile) do nothing");
}
}
self.close();

View File

@ -2,6 +2,3 @@ window is undefined
Deno.Listener.prototype.rid is undefined
Deno.TlsListener.prototype.rid is undefined
Deno.FsFile constructor is illegal
Deno.ConnectTlsOptions.(certFile|keyFile) do nothing
Deno.ConnectTlsOptions.(certChain|privateKey) do nothing
Deno.ListenTlsOptions.(keyFile|certFile) do nothing

View File

@ -25,9 +25,8 @@ Deno.test(
return keys[sni]!;
},
};
const listener = Deno.listenTls(
<Deno.ListenTlsOptions & Deno.TlsCertifiedKeyConnectTls> opts,
);
// @ts-ignore Trust me
const listener = Deno.listenTls(opts);
for (
const server of ["server-1", "server-2", "fail-server-3", "fail-server-4"]

View File

@ -67,112 +67,6 @@ Deno.test(
},
);
Deno.test(
{ permissions: { net: true, read: false }, ignore: DENO_FUTURE },
async function connectTLSCertFileNoReadPerm() {
await assertRejects(async () => {
await Deno.connectTls({
hostname: "deno.land",
port: 443,
certFile: "tests/testdata/tls/RootCA.crt",
});
}, Deno.errors.NotCapable);
},
);
Deno.test(
{ permissions: { read: true, net: true }, ignore: DENO_FUTURE },
function listenTLSNonExistentCertKeyFiles() {
const options = {
hostname: "localhost",
port: 0,
certFile: "tests/testdata/tls/localhost.crt",
keyFile: "tests/testdata/tls/localhost.key",
};
assertThrows(() => {
Deno.listenTls({
...options,
certFile: "./non/existent/file",
});
}, Deno.errors.NotFound);
assertThrows(() => {
Deno.listenTls({
...options,
keyFile: "./non/existent/file",
});
}, Deno.errors.NotFound);
},
);
Deno.test(
{ permissions: { net: true, read: false }, ignore: DENO_FUTURE },
function listenTLSNoReadPerm() {
assertThrows(() => {
Deno.listenTls({
hostname: "localhost",
port: 0,
certFile: "tests/testdata/tls/localhost.crt",
keyFile: "tests/testdata/tls/localhost.key",
});
}, Deno.errors.NotCapable);
},
);
Deno.test(
{
permissions: { read: true, write: true, net: true },
ignore: DENO_FUTURE,
},
function listenTLSEmptyKeyFile() {
const options = {
hostname: "localhost",
port: 0,
certFile: "tests/testdata/tls/localhost.crt",
keyFile: "tests/testdata/tls/localhost.key",
};
const testDir = Deno.makeTempDirSync();
const keyFilename = testDir + "/key.pem";
Deno.writeFileSync(keyFilename, new Uint8Array([]), {
mode: 0o666,
});
assertThrows(() => {
Deno.listenTls({
...options,
keyFile: keyFilename,
});
}, Error);
},
);
Deno.test(
{ permissions: { read: true, write: true, net: true } },
function listenTLSEmptyCertFile() {
const options = {
hostname: "localhost",
port: 0,
certFile: "tests/testdata/tls/localhost.crt",
keyFile: "tests/testdata/tls/localhost.key",
};
const testDir = Deno.makeTempDirSync();
const certFilename = testDir + "/cert.crt";
Deno.writeFileSync(certFilename, new Uint8Array([]), {
mode: 0o666,
});
assertThrows(() => {
Deno.listenTls({
...options,
certFile: certFilename,
});
}, Error);
},
);
Deno.test(
{ permissions: { net: true } },
async function startTlsWithoutExclusiveAccessToTcpConn() {
@ -1147,22 +1041,6 @@ Deno.test(
},
);
Deno.test(
{ permissions: { read: true, net: true }, ignore: DENO_FUTURE },
async function connectTLSBadClientCertPrivateKey(): Promise<void> {
await assertRejects(async () => {
await Deno.connectTls({
hostname: "deno.land",
port: 443,
certChain: "bad data",
privateKey: Deno.readTextFileSync(
"tests/testdata/tls/localhost.key",
),
});
}, Deno.errors.InvalidData);
},
);
Deno.test(
{ permissions: { read: true, net: true }, ignore: DENO_FUTURE },
async function connectTLSBadCertKey(): Promise<void> {
@ -1179,22 +1057,6 @@ Deno.test(
},
);
Deno.test(
{ permissions: { read: true, net: true }, ignore: DENO_FUTURE },
async function connectTLSBadPrivateKey(): Promise<void> {
await assertRejects(async () => {
await Deno.connectTls({
hostname: "deno.land",
port: 443,
certChain: Deno.readTextFileSync(
"tests/testdata/tls/localhost.crt",
),
privateKey: "bad data",
});
}, Deno.errors.InvalidData);
},
);
Deno.test(
{ permissions: { read: true, net: true } },
async function connectTLSBadKey(): Promise<void> {
@ -1211,22 +1073,6 @@ Deno.test(
},
);
Deno.test(
{ permissions: { read: true, net: true }, ignore: DENO_FUTURE },
async function connectTLSNotPrivateKey(): Promise<void> {
await assertRejects(async () => {
await Deno.connectTls({
hostname: "deno.land",
port: 443,
certChain: Deno.readTextFileSync(
"tests/testdata/tls/localhost.crt",
),
privateKey: "",
});
}, Deno.errors.InvalidData);
},
);
Deno.test(
{ permissions: { read: true, net: true }, ignore: DENO_FUTURE },
async function connectTLSNotKey(): Promise<void> {
@ -1243,31 +1089,6 @@ Deno.test(
},
);
Deno.test(
{ permissions: { read: true, net: true }, ignore: DENO_FUTURE },
async function connectWithClientCert() {
// The test_server running on port 4552 responds with 'PASS' if client
// authentication was successful. Try it by running test_server and
// curl --key tests/testdata/tls/localhost.key \
// --cert tests/testdata/tls/localhost.crt \
// --cacert tests/testdata/tls/RootCA.crt https://localhost:4552/
const conn = await Deno.connectTls({
hostname: "localhost",
port: 4552,
certChain: Deno.readTextFileSync(
"tests/testdata/tls/localhost.crt",
),
privateKey: Deno.readTextFileSync(
"tests/testdata/tls/localhost.key",
),
caCerts: [Deno.readTextFileSync("tests/testdata/tls/RootCA.pem")],
});
const result = decoder.decode(await readAll(conn));
assertEquals(result, "PASS");
conn.close();
},
);
Deno.test(
{ permissions: { read: true, net: true } },
async function connectWithCert() {
@ -1293,56 +1114,6 @@ Deno.test(
},
);
Deno.test(
{ permissions: { read: true, net: true }, ignore: DENO_FUTURE },
async function connectTlsConflictingCertOptions(): Promise<void> {
await assertRejects(
async () => {
await Deno.connectTls({
hostname: "deno.land",
port: 443,
cert: Deno.readTextFileSync(
"tests/testdata/tls/localhost.crt",
),
certChain: Deno.readTextFileSync(
"tests/testdata/tls/localhost.crt",
),
key: Deno.readTextFileSync(
"tests/testdata/tls/localhost.key",
),
});
},
TypeError,
"Cannot specify both `certChain` and `cert`",
);
},
);
Deno.test(
{ permissions: { read: true, net: true }, ignore: DENO_FUTURE },
async function connectTlsConflictingKeyOptions(): Promise<void> {
await assertRejects(
async () => {
await Deno.connectTls({
hostname: "deno.land",
port: 443,
cert: Deno.readTextFileSync(
"tests/testdata/tls/localhost.crt",
),
privateKey: Deno.readTextFileSync(
"tests/testdata/tls/localhost.crt",
),
key: Deno.readTextFileSync(
"tests/testdata/tls/localhost.key",
),
});
},
TypeError,
"Cannot specify both `key` and `privateKey` for `Deno.connectTls`.",
);
},
);
Deno.test(
{ permissions: { read: true, net: true } },
async function connectTLSCaCerts() {
@ -1357,20 +1128,6 @@ Deno.test(
},
);
Deno.test(
{ permissions: { read: true, net: true } },
async function connectTLSCertFile() {
const conn = await Deno.connectTls({
hostname: "localhost",
port: 4557,
certFile: "tests/testdata/tls/RootCA.pem",
});
const result = decoder.decode(await readAll(conn));
assertEquals(result, "PASS");
conn.close();
},
);
Deno.test(
{ permissions: { read: true, net: true } },
async function startTLSCaCerts() {
@ -1397,7 +1154,7 @@ Deno.test(
const connectPromise = Deno.connectTls({
hostname,
port,
certFile: "tests/testdata/tls/RootCA.crt",
caCerts: [await Deno.readTextFile("tests/testdata/tls/RootCA.crt")],
});
const [conn1, conn2] = await Promise.all([acceptPromise, connectPromise]);
listener.close();
@ -1615,8 +1372,8 @@ Deno.test(
Deno.listenTls({
hostname: "localhost",
port: 0,
certFile: "tests/testdata/tls/invalid.crt",
keyFile: "tests/testdata/tls/localhost.key",
cert: Deno.readTextFileSync("tests/testdata/tls/invalid.crt"),
key: Deno.readTextFileSync("tests/testdata/tls/localhost.key"),
});
}, Deno.errors.InvalidData);
},
@ -1629,21 +1386,21 @@ Deno.test(
Deno.listenTls({
hostname: "localhost",
port: 0,
certFile: "tests/testdata/tls/localhost.crt",
keyFile: "tests/testdata/tls/invalid.key",
cert: Deno.readTextFileSync("tests/testdata/tls/localhost.crt"),
key: Deno.readTextFileSync("tests/testdata/tls/invalid.key"),
});
}, Deno.errors.InvalidData);
},
);
Deno.test(
{ ignore: DENO_FUTURE, permissions: { net: true, read: true } },
{ permissions: { net: true, read: true } },
function listenTLSEcKey() {
const listener = Deno.listenTls({
hostname: "localhost",
port: 0,
certFile: "tests/testdata/tls/localhost_ecc.crt",
keyFile: "tests/testdata/tls/localhost_ecc.key",
cert: Deno.readTextFileSync("tests/testdata/tls/localhost_ecc.crt"),
key: Deno.readTextFileSync("tests/testdata/tls/localhost_ecc.key"),
});
listener.close();
},

View File

@ -10,10 +10,8 @@ import * as stream from "node:stream";
const tlsTestdataDir = fromFileUrl(
new URL("../testdata/tls", import.meta.url),
);
const keyFile = join(tlsTestdataDir, "localhost.key");
const certFile = join(tlsTestdataDir, "localhost.crt");
const key = Deno.readTextFileSync(keyFile);
const cert = Deno.readTextFileSync(certFile);
const key = Deno.readTextFileSync(join(tlsTestdataDir, "localhost.key"));
const cert = Deno.readTextFileSync(join(tlsTestdataDir, "localhost.crt"));
const rootCaCert = Deno.readTextFileSync(join(tlsTestdataDir, "RootCA.pem"));
for (