Revert "chore: upgrade to rustls 0.20 (denoland#12488)"

This reverts commit a2f1357.
andreubotella · Dec 16, 2021 · 70f7275 · 70f7275
1 parent 4d176b7
commit 70f7275
Show file tree

Hide file tree

Showing 15 changed files with 359 additions and 422 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/cli/proc_state.rs b/cli/proc_state.rs
@@ -38,11 +38,9 @@ use deno_graph::MediaType;
 use deno_graph::ModuleGraphError;
 use deno_graph::Range;
 use deno_runtime::deno_broadcast_channel::InMemoryBroadcastChannel;
-use deno_runtime::deno_tls::rustls;
 use deno_runtime::deno_tls::rustls::RootCertStore;
 use deno_runtime::deno_tls::rustls_native_certs::load_native_certs;
-use deno_runtime::deno_tls::rustls_pemfile;
-use deno_runtime::deno_tls::webpki_roots;
+use deno_runtime::deno_tls::webpki_roots::TLS_SERVER_ROOTS;
 use deno_runtime::deno_web::BlobStore;
 use deno_runtime::inspector_server::InspectorServer;
 use deno_runtime::permissions::Permissions;
@@ -208,24 +206,13 @@ impl ProcState {
  for store in ca_stores.iter() {
  match store.as_str() {
  "mozilla" => {
- root_cert_store.add_server_trust_anchors(
- webpki_roots::TLS_SERVER_ROOTS.0.iter().map(|ta| {
- rustls::OwnedTrustAnchor::from_subject_spki_name_constraints(
- ta.subject,
- ta.spki,
- ta.name_constraints,
- )
- }),
- );
+ root_cert_store.add_server_trust_anchors(&TLS_SERVER_ROOTS);
  }
  "system" => {
- let roots =
- load_native_certs().expect("could not load platform certs");
- for root in roots {
- root_cert_store
- .add(&rustls::Certificate(root.0))
- .expect("Failed to add platform cert to root cert store");
- }
+ let roots = load_native_certs()
+ .expect("could not load platform certs")
+ .roots;
+ root_cert_store.roots.extend(roots);
  }
  _ => {
  return Err(anyhow!("Unknown certificate store \"{}\" specified (allowed: \"system,mozilla\")", store));
@@ -238,16 +225,9 @@ impl ProcState {
  let certfile = File::open(&ca_file)?;
  let mut reader = BufReader::new(certfile);
 
- match rustls_pemfile::certs(&mut reader) {
- Ok(certs) => {
- root_cert_store.add_parsable_certificates(&certs);
- }
- Err(e) => {
- return Err(anyhow!(
- "Unable to add pem file to certificate store: {}",
- e
- ));
- }
+ // This function does not return specific errors, if it fails give a generic message.
+ if let Err(_err) = root_cert_store.add_pem_file(&mut reader) {
+ return Err(anyhow!("Unable to add pem file to certificate store"));
  }
  }
 

diff --git a/cli/standalone.rs b/cli/standalone.rs
@@ -22,7 +22,6 @@ use deno_core::ModuleLoader;
 use deno_core::ModuleSpecifier;
 use deno_runtime::deno_broadcast_channel::InMemoryBroadcastChannel;
 use deno_runtime::deno_tls::create_default_root_cert_store;
-use deno_runtime::deno_tls::rustls_pemfile;
 use deno_runtime::deno_web::BlobStore;
 use deno_runtime::permissions::Permissions;
 use deno_runtime::permissions::PermissionsOptions;
@@ -222,16 +221,9 @@ pub async fn run(
 
  if let Some(cert) = metadata.ca_data {
  let reader = &mut BufReader::new(Cursor::new(cert));
- match rustls_pemfile::certs(reader) {
- Ok(certs) => {
- root_cert_store.add_parsable_certificates(&certs);
- }
- Err(e) => {
- return Err(anyhow!(
- "Unable to add pem file to certificate store: {}",
- e
- ));
- }
+ // This function does not return specific errors, if it fails give a generic message.
+ if let Err(_err) = root_cert_store.add_pem_file(reader) {
+ return Err(anyhow!("Unable to add pem file to certificate store"));
  }
  }