Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: load full certificate bundles from NODE_EXTRA_CA_CERTS #16782

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

feat: load full certificate bundles from NODE_EXTRA_CA_CERTS #16782

wants to merge 1 commit into from
+370 −123

Conversation

ShlomoCode
Copy link

@ShlomoCode ShlomoCode commented Jan 27, 2025
edited
Loading

What does this PR do?

Closes #13867

  • Documentation or TypeScript types (it's okay to leave the rest blank in this case)
  • Code changes

How did you verify your code works?

I added tests.

P.S.

Inspired by Node.js' approach (https://github.com/nodejs/node/blob/main/src/crypto/crypto_context.cc#L215-L236 - https://github.com/nodejs/node/blob/main/src/crypto/crypto_context.cc#L565-L577)

@ShlomoCode ShlomoCode closed this Jan 27, 2025
@ShlomoCode ShlomoCode reopened this Jan 27, 2025
@ShlomoCode ShlomoCode force-pushed the main branch 2 times, most recently from 0304e37 to 98b16af Compare January 28, 2025 01:15
@ShlomoCode ShlomoCode marked this pull request as ready for review February 4, 2025 05:22
@ShlomoCode ShlomoCode marked this pull request as draft February 5, 2025 12:56
@ShlomoCode ShlomoCode force-pushed the main branch 2 times, most recently from 062e57f to 8b38e9f Compare February 5, 2025 13:46
@ShlomoCode ShlomoCode marked this pull request as ready for review February 5, 2025 14:44
@ShlomoCode
Copy link
Author

@cirospaciari Would you mind taking a look? Thank you!

cirospaciari
cirospaciari requested changes Feb 6, 2025
View reviewed changes
Copy link
Member

@cirospaciari cirospaciari left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good only 1 comment, and I would ask for tests using tls module too

packages/bun-usockets/src/crypto/root_certs.cpp Outdated Show resolved Hide resolved
@ShlomoCode ShlomoCode force-pushed the main branch 2 times, most recently from 8ea761b to a38b1ac Compare February 8, 2025 20:09
@ShlomoCode ShlomoCode force-pushed the main branch 2 times, most recently from b905456 to 830ac77 Compare February 8, 2025 20:21
cirospaciari
cirospaciari requested changes Feb 11, 2025
View reviewed changes
packages/bun-usockets/src/crypto/root_certs.cpp
ERR_error_string_n(ERR_peek_last_error(), buf, sizeof(buf));
char msg[512];
snprintf(msg, sizeof(msg), "ignoring extra certs from `%s`, load failed: %s", filename, buf);
bun_log_warn(msg);
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

instead of snprintf can you pass filename and buf to bun_log_warn and handle it there?

also can you call ERR_clear_error after logging?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@cirospaciari cirospaciari cirospaciari requested changes

Requested changes must be addressed to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

NODE_EXTRA_CA_CERTS does not work with certificate bundle pem files (it does work with node)
2 participants
@ShlomoCode @cirospaciari