Update ops_tls.rs

Add cert options to StartTls from ConnectTlsArgs Signed-off-by: Emrul <[email protected]>
emrul · Dec 7, 2023 · 5100be0 · 5100be0
1 parent 890780a
commit 5100be0
Showing 1 changed file with 32 additions and 2 deletions.
diff --git a/ext/net/ops_tls.rs b/ext/net/ops_tls.rs
@@ -154,9 +154,12 @@ pub struct ConnectTlsArgs {
 #[serde(rename_all = "camelCase")]
 pub struct StartTlsArgs {
  rid: ResourceId,
- ca_certs: Vec<String>,
  hostname: String,
  alpn_protocols: Option<Vec<String>>,
+ cert_file: Option<String>,
+ ca_certs: Vec<String>,
+ cert_chain: Option<String>,
+ private_key: Option<String>,
 }
 
 #[op2(async)]
@@ -214,11 +217,38 @@ where
  let local_addr = tcp_stream.local_addr()?;
  let remote_addr = tcp_stream.peer_addr()?;
 
+ let cert_file = args.cert_file.as_deref();
+
+ if args.cert_chain.is_some() {
+ super::check_unstable(&state.borrow(), "ConnectTlsOptions.certChain");
+ }
+ if args.private_key.is_some() {
+ super::check_unstable(&state.borrow(), "ConnectTlsOptions.privateKey");
+ }
+
+ let cert_chain_and_key =
+ if args.cert_chain.is_some() || args.private_key.is_some() {
+ let cert_chain = args
+ .cert_chain
+ .ok_or_else(|| type_error("No certificate chain provided"))?;
+ let private_key = args
+ .private_key
+ .ok_or_else(|| type_error("No private key provided"))?;
+ Some((cert_chain, private_key))
+ } else {
+ None
+ };
+
+ if let Some(path) = cert_file {
+ let mut buf = Vec::new();
+ File::open(path)?.read_to_end(&mut buf)?;
+ ca_certs.push(buf);
+ };
  let mut tls_config = create_client_config(
  root_cert_store,
  ca_certs,
  unsafely_ignore_certificate_errors,
- None,
+ cert_chain_and_key,
  SocketUse::GeneralSsl,
  )?;