-rw-r--r-- | src/bun.js/api/server.zig | 17 | ||||
-rw-r--r-- | src/bun.js/webcore/response.zig | 28 | ||||
-rw-r--r-- | src/http_client_async.zig | 4 | ||||
-rw-r--r-- | src/js/node/http.ts | 33 |
4 files changed, 55 insertions, 27 deletions
diff --git a/src/bun.js/api/server.zig b/src/bun.js/api/server.zig index edf1d6d69..979f21b33 100644 --- a/src/bun.js/api/server.zig +++ b/src/bun.js/api/server.zig @@ -190,6 +190,7 @@ pub const ServerConfig = struct { } pub const SSLConfig = struct { + requires_custom_request_ctx: bool = false, server_name: [*c]const u8 = null, key_file_name: [*c]const u8 = null, @@ -365,11 +366,13 @@ pub const ServerConfig = struct { native_array[valid_count] = bun.default_allocator.dupeZ(u8, sliced) catch unreachable; valid_count += 1; any = true; + result.requires_custom_request_ctx = true; } } else if (BlobFileContentResult.init("key", item, global, exception)) |content| { if (content.data.len > 0) { native_array[valid_count] = content.data.ptr; valid_count += 1; + result.requires_custom_request_ctx = true; any = true; } else { // mark and free all CA's @@ -401,6 +404,7 @@ pub const ServerConfig = struct { result.key = native_array; result.key_count = 1; any = true; + result.requires_custom_request_ctx = true; } else { result.deinit(); return null; @@ -412,6 +416,7 @@ pub const ServerConfig = struct { if (sliced.len > 0) { native_array[0] = bun.default_allocator.dupeZ(u8, sliced) catch unreachable; any = true; + result.requires_custom_request_ctx = true; result.key = native_array; result.key_count = 1; } else { @@ -438,6 +443,7 @@ pub const ServerConfig = struct { return null; } any = true; + result.requires_custom_request_ctx = true; } } @@ -450,6 +456,7 @@ pub const ServerConfig = struct { } any = true; + result.requires_custom_request_ctx = true; } else { global.throwInvalidArguments("ALPNProtocols argument must be an string, Buffer or TypedArray", .{}); result.deinit(); 
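Review bot: The new `requires_custom_request_ctx` field in `SSLConfig` has no doc comment and is set by hand next to each `any = true` in every hunk of this file (`@@ -365` through `@@ -685`), so a branch that is missed, or an option added later, silently loses its effect. `HTTPThread.connect` in `src/http_client_async.zig` now builds a per-request TLS context only when this flag is true; the parsing of `secureOptions` and `passphrase` is not in the visible hunks, so please confirm those branches set it too. I would document the field with `/// True when an option was supplied that the shared HTTPS client context cannot honour; connect() creates a per-request context only when this is set.` The `lowMemoryMode` hunk (`@@ -685`) also sets the flag whenever the property is present, even when its value is false. The enclosing parse function starts and ends outside these hunks.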
@@ -474,11 +481,13 @@ pub const ServerConfig = struct { native_array[valid_count] = bun.default_allocator.dupeZ(u8, sliced) catch unreachable; valid_count += 1; any = true; + result.requires_custom_request_ctx = true; } } else if (BlobFileContentResult.init("cert", item, global, exception)) |content| { if (content.data.len > 0) { native_array[valid_count] = content.data.ptr; valid_count += 1; + result.requires_custom_request_ctx = true; any = true; } else { // mark and free all CA's @@ -510,6 +519,7 @@ pub const ServerConfig = struct { result.cert = native_array; result.cert_count = 1; any = true; + result.requires_custom_request_ctx = true; } else { result.deinit(); return null; @@ -552,6 +562,7 @@ pub const ServerConfig = struct { if (sliced.len > 0) { result.ssl_ciphers = bun.default_allocator.dupeZ(u8, sliced.slice()) catch unreachable; any = true; + result.requires_custom_request_ctx = true; } } if (obj.getTruthy(global, "serverName")) |server_name| { @@ -560,6 +571,7 @@ pub const ServerConfig = struct { if (sliced.len > 0) { result.server_name = bun.default_allocator.dupeZ(u8, sliced.slice()) catch unreachable; any = true; + result.requires_custom_request_ctx = true; } } @@ -580,11 +592,13 @@ pub const ServerConfig = struct { native_array[valid_count] = bun.default_allocator.dupeZ(u8, sliced) catch unreachable; valid_count += 1; any = true; + result.requires_custom_request_ctx = true; } } else if (BlobFileContentResult.init("ca", item, global, exception)) |content| { if (content.data.len > 0) { native_array[valid_count] = content.data.ptr; valid_count += 1; + result.requires_custom_request_ctx = true; any = true; } else { // mark and free all CA's @@ -616,6 +630,7 @@ pub const ServerConfig = struct { result.ca = native_array; result.ca_count = 1; any = true; + result.requires_custom_request_ctx = true; } else { result.deinit(); return null; 
@@ -627,6 +642,7 @@ pub const ServerConfig = struct { if (sliced.len > 0) { native_array[0] = bun.default_allocator.dupeZ(u8, sliced) catch unreachable; any = true; + result.requires_custom_request_ctx = true; result.ca = native_array; result.ca_count = 1; } else { @@ -685,6 +701,7 @@ pub const ServerConfig = struct { if (obj.get(global, "lowMemoryMode")) |low_memory_mode| { result.low_memory_mode = low_memory_mode.toBoolean(); + result.requires_custom_request_ctx = true; any = true; } } diff --git a/src/bun.js/webcore/response.zig b/src/bun.js/webcore/response.zig index c6f5741e0..706773906 100644 --- a/src/bun.js/webcore/response.zig +++ b/src/bun.js/webcore/response.zig @@ -1868,13 +1868,7 @@ pub const Fetch = struct { if (SSLConfig.inJS(globalThis, tls, exception)) |config| { ssl_config = config; } - if (tls.get(ctx, "rejectUnauthorized")) |reject| { - if (reject.isBoolean()) { - reject_unauthorized = reject.asBoolean(); - } else if (reject.isNumber()) { - reject_unauthorized = reject.to(i32) != 0; - } - } + if (tls.get(ctx, "checkServerIdentity")) |checkServerIdentity| { if (checkServerIdentity.isCell() and checkServerIdentity.isCallable(globalThis.vm())) { check_server_identity = checkServerIdentity; 
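Review bot: With the `rejectUnauthorized` block removed in the `@@ -1868` hunk of `response.zig` (and again in `@@ -2068`), nothing visible in this file assigns `reject_unauthorized` from the `tls` object any more. Presumably `SSLConfig.inJS` now reads it, but that code is not shown. This value decides whether a certificate failure aborts a fetch, so please confirm that verification stays on by default and that only an explicit `rejectUnauthorized: false` turns it off. The removed code also accepted numbers via `reject.to(i32) != 0`; whether the replacement keeps that coercion is worth stating in a comment beside the `SSLConfig.inJS` call, and worth a test against a server with an untrusted certificate for both settings.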
@@ -2068,22 +2062,14 @@ pub const Fetch = struct { } if (options.get(ctx, "tls")) |tls| { - if (ssl_config) |*conf| { - conf.deinit(); - ssl_config = null; - } - if (SSLConfig.inJS(globalThis, tls, exception)) |config| { - ssl_config = config; - } if (!tls.isEmptyOrUndefinedOrNull() and tls.isObject()) { - if (tls.get(ctx, "rejectUnauthorized")) |reject| { - if (reject.isBoolean()) { - reject_unauthorized = reject.asBoolean(); - } else if (reject.isNumber()) { - reject_unauthorized = reject.to(i32) != 0; - } + if (ssl_config) |*conf| { + conf.deinit(); + ssl_config = null; + } + if (SSLConfig.inJS(globalThis, tls, exception)) |config| { + ssl_config = config; } - if (tls.get(ctx, "checkServerIdentity")) |checkServerIdentity| { if (checkServerIdentity.isCell() and checkServerIdentity.isCallable(globalThis.vm())) { check_server_identity = checkServerIdentity; diff --git a/src/http_client_async.zig b/src/http_client_async.zig index 561ccb78e..0a18297b6 100644 --- a/src/http_client_async.zig +++ b/src/http_client_async.zig @@ -367,7 +367,7 @@ fn NewHTTPContext(comptime ssl: bool) type { var opts = client.tls_props.?.asUSockets(); opts.request_cert = 1; - opts.reject_unauthorized = 1; + opts.reject_unauthorized = 0; var socket = uws.us_create_bun_socket_context(ssl_int, http_thread.loop, @sizeOf(usize), opts); if (socket == null) { return error.FailedToOpenSocket; @@ -766,7 +766,7 @@ pub const HTTPThread = struct { pub fn connect(this: *@This(), client: *HTTPClient, comptime is_ssl: bool) !NewHTTPContext(is_ssl).HTTPSocket { if (comptime is_ssl) { - const needs_own_context = client.tls_props != null; + const needs_own_context = client.tls_props != null and client.tls_props.?.requires_custom_request_ctx; if (needs_own_context) { var custom_context = try bun.default_allocator.create(NewHTTPContext(is_ssl)); client.custom_context = custom_context; diff --git a/src/js/node/http.ts b/src/js/node/http.ts index 477da476c..313273438 100644 --- a/src/js/node/http.ts 
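Review bot: `opts.reject_unauthorized = 0` in the `@@ -367` hunk turns off handshake-level rejection for every custom TLS context regardless of what the caller asked for, so certificate enforcement now depends entirely on code outside this hunk. Presumably the handshake callback compares the verify result with the request's `rejectUnauthorized`, but that is not visible here; if any path skips that check, a request with a custom `ca` or `cert` would accept an untrusted peer. Once confirmed, I would add a comment on the line such as `// verification is enforced per request after the handshake; this context does not reject on its own`, plus a regression test that a bad certificate still fails when `rejectUnauthorized` is unset. The enclosing function starts and ends outside the hunk.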
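Review bot: In the `@@ -766` hunk, a request whose `tls_props` is non-null but whose `requires_custom_request_ctx` is false now skips the `needs_own_context` branch, so its `tls_props` are not used to build a socket context here. If the intent is that such props carry only options enforced after the handshake, say so on the line, e.g. `// tls_props without requires_custom_request_ctx hold only per-request checks; the shared context is reused`. Without that note the next option added to `SSLConfig` can be dropped silently when its parser forgets to set the flag. `connect` continues past the end of the hunk.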
+++ b/src/js/node/http.ts @@ -1213,7 +1213,11 @@ class ClientRequest extends OutgoingMessage { #ca = null; #key = null; #cert = null; + #ciphers = null; #passphrase = null; + #secureOptions = null; + #servername = null; + #rejectUnauthorized; #useDefaultPort; #joinDuplicateHeaders; #maxHeaderSize; @@ -1298,6 +1302,10 @@ class ClientRequest extends OutgoingMessage { pfx: this.#pfx, key: this.#key, cert: this.#cert, + ciphers: this.#ciphers, + secureOptions: this.#secureOptions, + rejectUnauthorized: this.#rejectUnauthorized, + serverName: this.#servername, } : undefined; try { @@ -1485,8 +1493,10 @@ class ClientRequest extends OutgoingMessage { } this.#joinDuplicateHeaders = _joinDuplicateHeaders; - if (options.pfx) this.#pfx = options.pfx; - + if (options.pfx) { + throw new Error("pfx is not supported"); + } + this.#rejectUnauthorized = options.rejectUnauthorized; if (options.ca) { if (!isValidTLSArray(options.ca)) throw new TypeError( 
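Review bot: `this.#rejectUnauthorized = options.rejectUnauthorized;` in the `@@ -1485` hunk stores the value with no type check, unlike `passphrase`, `ciphers`, `servername` and `secureOptions` in the following hunk, and the `@@ -1298` hunk then forwards it as `rejectUnauthorized` in the `tls` object. How a non-boolean such as `0` or `"false"` is coerced is decided by native code not shown here, so a mistyped option could be ignored or could switch certificate verification off. Consider validating or normalising it to a boolean before storing, for example `if (options.rejectUnauthorized !== undefined && typeof options.rejectUnauthorized !== "boolean") throw new TypeError("rejectUnauthorized argument must be a boolean");`. Separately, `pfx` now throws a plain `Error`, which leaves the `#pfx` field and `pfx: this.#pfx` as dead code. The constructor body starts and ends outside the hunk.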
@@ -1504,12 +1514,27 @@ class ClientRequest extends OutgoingMessage { if (options.key) { if (!isValidTLSArray(options.key)) throw new TypeError( - "passphrase argument must be an string, Buffer, TypedArray, BunFile or an array containing string, Buffer, TypedArray or BunFile", + "key argument must be an string, Buffer, TypedArray, BunFile or an array containing string, Buffer, TypedArray or BunFile", ); this.#key = options.key; } - if (options.passphrase) this.#passphrase = options.passphrase; + if (options.passphrase) { + if (typeof options.passphrase !== "string") throw new TypeError("passphrase argument must be a string"); + this.#passphrase = options.passphrase; + } + if (options.ciphers) { + if (typeof options.ciphers !== "string") throw new TypeError("ciphers argument must be a string"); + this.#ciphers = options.ciphers; + } + if (options.servername) { + if (typeof options.servername !== "string") throw new TypeError("servername argument must be a string"); + this.#servername = options.servername; + } + if (options.secureOptions) { + if (typeof options.secureOptions !== "number") throw new TypeError("secureOptions argument must be a string"); + this.#secureOptions = options.secureOptions; + } this.#path = options.path || "/"; if (cb) { this.once("response", cb); |
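Review bot: The `secureOptions` branch tests `typeof options.secureOptions !== "number"` but throws `"secureOptions argument must be a string"`; the message should read `"secureOptions argument must be a number"`. The four new checks are guarded by truthiness, so `secureOptions: 0` and an empty-string `servername` or `ciphers` are skipped without validation; that is harmless as long as it is intended, and a short comment would make it explicit. The corrected `key` message still says "an string", which could be fixed while the line is being touched.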