author | 2023-10-22 15:11:51 -0700 | |
---|---|---|
committer | 2023-10-23 13:11:11 -0700 | |
commit | 1328d2324f6d3b2a5bd856c078df997c8ff4829d (patch) | |
tree | 595562262f06b5fe40d2ad7c4b9df00e623ab132 /src/bun.js/webcore/response.zig | |
parent | f7f2e978a153f681bdc1f1b3939aa6e76498a9d7 (diff) | |
Adds BUN_TLS_CA_STORE env var to select CA storeansg191/system-store
BUN_TLS_CA_STORE is a comma-separated list of CA store sources for bun
to retrieve certificates from. The options are currently `mozilla` for
embedded Mozilla certs & `system` for loading certs from the native
platform store. Defaults to `mozilla`.
Diffstat (limited to 'src/bun.js/webcore/response.zig')
-rw-r--r-- | src/bun.js/webcore/response.zig | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/src/bun.js/webcore/response.zig b/src/bun.js/webcore/response.zig index 8ad5442ae..3eb436e68 100644 --- a/src/bun.js/webcore/response.zig +++ b/src/bun.js/webcore/response.zig @@ -1504,6 +1504,7 @@ pub const Fetch = struct { fetch_tasklet.http.?.client.disable_keepalive = fetch_options.disable_keepalive; fetch_tasklet.http.?.client.disable_decompression = fetch_options.disable_decompression; fetch_tasklet.http.?.client.reject_unauthorized = fetch_options.reject_unauthorized; + fetch_tasklet.http.?.client.ca_store = fetch_options.ca_store; fetch_tasklet.http.?.client.tls_props = fetch_options.ssl_config; @@ -1556,6 +1557,7 @@ pub const Fetch = struct { memory_reporter: *JSC.MemoryReportingAllocator, check_server_identity: JSC.Strong = .{}, ssl_config: ?SSLConfig = null, + ca_store: bun.HTTP.HTTPCAStore = .{}, }; pub fn queue( @@ -1715,6 +1717,7 @@ pub const Fetch = struct { var url_proxy_buffer: []const u8 = undefined; var is_file_url = false; var reject_unauthorized = script_ctx.bundler.env.getTLSRejectUnauthorized(); + var ca_store = script_ctx.bundler.env.getTLSCAStore(); var check_server_identity: JSValue = .zero; // TODO: move this into a DRYer implementation // The status quo is very repetitive and very bug prone @@ -1880,6 +1883,9 @@ pub const Fetch = struct { check_server_identity = checkServerIdentity; } } + if (tls.get(ctx, "caStore")) |caStore| { + ca_store = bun.HTTP.HTTPCAStore.fromJS(globalThis, caStore); + } } } @@ -2089,6 +2095,10 @@ pub const Fetch = struct { check_server_identity = checkServerIdentity; } } + + if (tls.get(ctx, "caStore")) |caStore| { + ca_store = bun.HTTP.HTTPCAStore.fromJS(globalThis, caStore); + } } } 
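Review bot: The new field `ca_store: bun.HTTP.HTTPCAStore = .{}` relies on HTTPCAStore's own field defaults, which are not visible in this diff. The commit message says the default is `mozilla`, but if `.{}` produces a store with no sources enabled, any caller that builds these options without setting `ca_store` gets an empty trust set, and how the client treats that case cannot be seen here. I would pin the intent with a comment on the field, `// Default must match BUN_TLS_CA_STORE's default (embedded Mozilla roots); never an empty trust set.`, and confirm the struct's defaults agree. The enclosing options struct starts outside the hunk.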
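Review bot: The value returned by `bun.HTTP.HTTPCAStore.fromJS(globalThis, caStore)` is assigned to `ca_store` with no visible check that the input was a recognised source name or that the conversion left no pending exception. This option decides which root certificates a request trusts, so an unrecognised or misspelled value should fail the fetch rather than fall back silently; whether fromJS already does that cannot be told from this hunk. The same three lines are added again in the following hunk (the second `tls.get(ctx, "caStore")` block), and the function already carries a TODO about repetition, so a small shared helper would keep the two parsing paths from drifting apart. A doc comment should also state how `caStore` combines with the CA settings in `ssl_config` and with `reject_unauthorized`. The enclosing function begins and ends outside both hunks.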
@@ -2361,6 +2371,7 @@ pub const Fetch = struct { .hostname = hostname, .memory_reporter = memory_reporter, .check_server_identity = if (check_server_identity.isEmptyOrUndefinedOrNull()) .{} else JSC.Strong.create(check_server_identity, globalThis), + .ca_store = ca_store, }, // Pass the Strong value instead of creating a new one, or else we // will leak it |