diff options
| author |  Liz3 (Yann HN) <accs@liz3.net>
| 2023-10-21 03:41:25 +0200 |
|---|---|---|
| committer | Liz3 (Yann HN) <accs@liz3.net>
| 2023-10-21 03:41:25 +0200 |
| commit | e81efbb42e7b04e4abf75707f0618fcd38c5a00a (patch) | |
| tree | 6291b43ef55dcee1099c2094758972725ed180f3 | |
| parent | 1bfcb78c6dd28244d1011c52fd2e52a9d6c5556e (diff) | |
| download | bun-e81efbb42e7b04e4abf75707f0618fcd38c5a00a.tar.gz bun-e81efbb42e7b04e4abf75707f0618fcd38c5a00a.tar.zst bun-e81efbb42e7b04e4abf75707f0618fcd38c5a00a.zip | |
fix: add more supported properties and only create custom context if actually needed
| -rw-r--r-- | src/bun.js/api/server.zig | 17 | ||||
| -rw-r--r-- | src/bun.js/webcore/response.zig | 28 | ||||
| -rw-r--r-- | src/http_client_async.zig | 4 | ||||
| -rw-r--r-- | src/js/node/http.ts | 33 |
4 files changed, 55 insertions, 27 deletions
diff --git a/src/bun.js/api/server.zig b/src/bun.js/api/server.zig index edf1d6d69..979f21b33 100644 --- a/src/bun.js/api/server.zig +++ b/src/bun.js/api/server.zig @@ -190,6 +190,7 @@ pub const ServerConfig = struct { } pub const SSLConfig = struct { + requires_custom_request_ctx: bool = false, server_name: [*c]const u8 = null, key_file_name: [*c]const u8 = null, @@ -365,11 +366,13 @@ pub const ServerConfig = struct { native_array[valid_count] = bun.default_allocator.dupeZ(u8, sliced) catch unreachable; valid_count += 1; any = true; + result.requires_custom_request_ctx = true; } } else if (BlobFileContentResult.init("key", item, global, exception)) |content| { if (content.data.len > 0) { native_array[valid_count] = content.data.ptr; valid_count += 1; + result.requires_custom_request_ctx = true; any = true; } else { // mark and free all CA's @@ -401,6 +404,7 @@ pub const ServerConfig = struct { result.key = native_array; result.key_count = 1; any = true; + result.requires_custom_request_ctx = true; } else { result.deinit(); return null; @@ -412,6 +416,7 @@ pub const ServerConfig = struct { if (sliced.len > 0) { native_array[0] = bun.default_allocator.dupeZ(u8, sliced) catch unreachable; any = true; + result.requires_custom_request_ctx = true; result.key = native_array; result.key_count = 1; } else { @@ -438,6 +443,7 @@ pub const ServerConfig = struct { return null; } any = true; + result.requires_custom_request_ctx = true; } } @@ -450,6 +456,7 @@ pub const ServerConfig = struct { } any = true; + result.requires_custom_request_ctx = true; } else { global.throwInvalidArguments("ALPNProtocols argument must be an string, Buffer or TypedArray", .{}); result.deinit(); @@ -474,11 +481,13 @@ pub const ServerConfig = struct { native_array[valid_count] = bun.default_allocator.dupeZ(u8, sliced) catch unreachable; valid_count += 1; any = true; + result.requires_custom_request_ctx = true; } } else if (BlobFileContentResult.init("cert", item, global, exception)) |content| { if (content.data.len > 0) { native_array[valid_count] = content.data.ptr; valid_count += 1; + result.requires_custom_request_ctx = true; any = true; } else { // mark and free all CA's @@ -510,6 +519,7 @@ pub const ServerConfig = struct { result.cert = native_array; result.cert_count = 1; any = true; + result.requires_custom_request_ctx = true; } else { result.deinit(); return null; @@ -552,6 +562,7 @@ pub const ServerConfig = struct { if (sliced.len > 0) { result.ssl_ciphers = bun.default_allocator.dupeZ(u8, sliced.slice()) catch unreachable; any = true; + result.requires_custom_request_ctx = true; } } if (obj.getTruthy(global, "serverName")) |server_name| { @@ -560,6 +571,7 @@ pub const ServerConfig = struct { if (sliced.len > 0) { result.server_name = bun.default_allocator.dupeZ(u8, sliced.slice()) catch unreachable; any = true; + result.requires_custom_request_ctx = true; } } @@ -580,11 +592,13 @@ pub const ServerConfig = struct { native_array[valid_count] = bun.default_allocator.dupeZ(u8, sliced) catch unreachable; valid_count += 1; any = true; + result.requires_custom_request_ctx = true; } } else if (BlobFileContentResult.init("ca", item, global, exception)) |content| { if (content.data.len > 0) { native_array[valid_count] = content.data.ptr; valid_count += 1; + result.requires_custom_request_ctx = true; any = true; } else { // mark and free all CA's @@ -616,6 +630,7 @@ pub const ServerConfig = struct { result.ca = native_array; result.ca_count = 1; any = true; + result.requires_custom_request_ctx = true; } else { result.deinit(); return null; @@ -627,6 +642,7 @@ pub const ServerConfig = struct { if (sliced.len > 0) { native_array[0] = bun.default_allocator.dupeZ(u8, sliced) catch unreachable; any = true; + result.requires_custom_request_ctx = true; result.ca = native_array; result.ca_count = 1; } else { @@ -685,6 +701,7 @@ pub const ServerConfig = struct { if (obj.get(global, "lowMemoryMode")) |low_memory_mode| { result.low_memory_mode = low_memory_mode.toBoolean(); + result.requires_custom_request_ctx = true; any = true; } } diff --git a/src/bun.js/webcore/response.zig b/src/bun.js/webcore/response.zig index c6f5741e0..706773906 100644 --- a/src/bun.js/webcore/response.zig +++ b/src/bun.js/webcore/response.zig @@ -1868,13 +1868,7 @@ pub const Fetch = struct { if (SSLConfig.inJS(globalThis, tls, exception)) |config| { ssl_config = config; } - if (tls.get(ctx, "rejectUnauthorized")) |reject| { - if (reject.isBoolean()) { - reject_unauthorized = reject.asBoolean(); - } else if (reject.isNumber()) { - reject_unauthorized = reject.to(i32) != 0; - } - } + if (tls.get(ctx, "checkServerIdentity")) |checkServerIdentity| { if (checkServerIdentity.isCell() and checkServerIdentity.isCallable(globalThis.vm())) { check_server_identity = checkServerIdentity; @@ -2068,22 +2062,14 @@ pub const Fetch = struct { } if (options.get(ctx, "tls")) |tls| { - if (ssl_config) |*conf| { - conf.deinit(); - ssl_config = null; - } - if (SSLConfig.inJS(globalThis, tls, exception)) |config| { - ssl_config = config; - } if (!tls.isEmptyOrUndefinedOrNull() and tls.isObject()) { - if (tls.get(ctx, "rejectUnauthorized")) |reject| { - if (reject.isBoolean()) { - reject_unauthorized = reject.asBoolean(); - } else if (reject.isNumber()) { - reject_unauthorized = reject.to(i32) != 0; - } + if (ssl_config) |*conf| { + conf.deinit(); + ssl_config = null; + } + if (SSLConfig.inJS(globalThis, tls, exception)) |config| { + ssl_config = config; } - if (tls.get(ctx, "checkServerIdentity")) |checkServerIdentity| { if (checkServerIdentity.isCell() and checkServerIdentity.isCallable(globalThis.vm())) { check_server_identity = checkServerIdentity; diff --git a/src/http_client_async.zig b/src/http_client_async.zig index 561ccb78e..0a18297b6 100644 --- a/src/http_client_async.zig +++ b/src/http_client_async.zig @@ -367,7 +367,7 @@ fn NewHTTPContext(comptime ssl: bool) type { var opts = client.tls_props.?.asUSockets(); opts.request_cert = 1; - opts.reject_unauthorized = 1; + opts.reject_unauthorized = 0; var socket = uws.us_create_bun_socket_context(ssl_int, http_thread.loop, @sizeOf(usize), opts); if (socket == null) { return error.FailedToOpenSocket; @@ -766,7 +766,7 @@ pub const HTTPThread = struct { pub fn connect(this: *@This(), client: *HTTPClient, comptime is_ssl: bool) !NewHTTPContext(is_ssl).HTTPSocket { if (comptime is_ssl) { - const needs_own_context = client.tls_props != null; + const needs_own_context = client.tls_props != null and client.tls_props.?.requires_custom_request_ctx; if (needs_own_context) { var custom_context = try bun.default_allocator.create(NewHTTPContext(is_ssl)); client.custom_context = custom_context; diff --git a/src/js/node/http.ts b/src/js/node/http.ts index 477da476c..313273438 100644 --- a/src/js/node/http.ts +++ b/src/js/node/http.ts @@ -1213,7 +1213,11 @@ class ClientRequest extends OutgoingMessage { #ca = null; #key = null; #cert = null; + #ciphers = null; #passphrase = null; + #secureOptions = null; + #servername = null; + #rejectUnauthorized; #useDefaultPort; #joinDuplicateHeaders; #maxHeaderSize; @@ -1298,6 +1302,10 @@ class ClientRequest extends OutgoingMessage { pfx: this.#pfx, key: this.#key, cert: this.#cert, + ciphers: this.#ciphers, + secureOptions: this.#secureOptions, + rejectUnauthorized: this.#rejectUnauthorized, + serverName: this.#servername, } : undefined; try { @@ -1485,8 +1493,10 @@ class ClientRequest extends OutgoingMessage { } this.#joinDuplicateHeaders = _joinDuplicateHeaders; - if (options.pfx) this.#pfx = options.pfx; - + if (options.pfx) { + throw new Error("pfx is not supported"); + } + this.#rejectUnauthorized = options.rejectUnauthorized; if (options.ca) { if (!isValidTLSArray(options.ca)) throw new TypeError( @@ -1504,12 +1514,27 @@ class ClientRequest extends OutgoingMessage { if (options.key) { if (!isValidTLSArray(options.key)) throw new TypeError( - "passphrase argument must be an string, Buffer, TypedArray, BunFile or an array containing string, Buffer, TypedArray or BunFile", + "key argument must be an string, Buffer, TypedArray, BunFile or an array containing string, Buffer, TypedArray or BunFile", ); this.#key = options.key; } - if (options.passphrase) this.#passphrase = options.passphrase; + if (options.passphrase) { + if (typeof options.passphrase !== "string") throw new TypeError("passphrase argument must be a string"); + this.#passphrase = options.passphrase; + } + if (options.ciphers) { + if (typeof options.ciphers !== "string") throw new TypeError("ciphers argument must be a string"); + this.#ciphers = options.ciphers; + } + if (options.servername) { + if (typeof options.servername !== "string") throw new TypeError("servername argument must be a string"); + this.#servername = options.servername; + } + if (options.secureOptions) { + if (typeof options.secureOptions !== "number") throw new TypeError("secureOptions argument must be a string"); + this.#secureOptions = options.secureOptions; + } this.#path = options.path || "/"; if (cb) { this.once("response", cb); |