diff --git a/cli/tests/testdata/cert/listen_tls_alpn.ts b/cli/tests/testdata/cert/listen_tls_alpn.ts index b3ade686ed22e0..6b92364ba2e1b8 100644 --- a/cli/tests/testdata/cert/listen_tls_alpn.ts +++ b/cli/tests/testdata/cert/listen_tls_alpn.ts @@ -1,7 +1,7 @@ const listener = Deno.listenTls({ port: Number(Deno.args[0]), - certFile: "./tls/localhost.crt", - keyFile: "./tls/localhost.key", + cert: Deno.readTextFileSync("./tls/localhost.crt"), + key: Deno.readTextFileSync("./tls/localhost.key"), alpnProtocols: ["h2", "http/1.1", "foobar"], }); diff --git a/cli/tests/testdata/cert/listen_tls_alpn_fail.ts b/cli/tests/testdata/cert/listen_tls_alpn_fail.ts index c1aa4b31d0f02e..e321c9bd354c05 100644 --- a/cli/tests/testdata/cert/listen_tls_alpn_fail.ts +++ b/cli/tests/testdata/cert/listen_tls_alpn_fail.ts @@ -2,8 +2,8 @@ import { assertRejects } from "../../../../test_util/std/assert/mod.ts"; const listener = Deno.listenTls({ port: Number(Deno.args[0]), - certFile: "./tls/localhost.crt", - keyFile: "./tls/localhost.key", + cert: Deno.readTextFileSync("./tls/localhost.crt"), + key: Deno.readTextFileSync("./tls/localhost.key"), alpnProtocols: ["h2", "http/1.1", "foobar"], }); diff --git a/cli/tests/testdata/run/tls_connecttls.js b/cli/tests/testdata/run/tls_connecttls.js index 18a0783fc94317..8c6c285f3e7ca9 100644 --- a/cli/tests/testdata/run/tls_connecttls.js +++ b/cli/tests/testdata/run/tls_connecttls.js @@ -12,8 +12,8 @@ const port = 3505; const listener = Deno.listenTls({ hostname, port, - certFile: "./tls/localhost.crt", - keyFile: "./tls/localhost.key", + cert: Deno.readTextFileSync("./tls/localhost.crt"), + key: Deno.readTextFileSync("./tls/localhost.key"), }); const response = encoder.encode( diff --git a/cli/tests/testdata/run/tls_starttls.js b/cli/tests/testdata/run/tls_starttls.js index 3d84ac74a23757..3e406ff5f51691 100644 --- a/cli/tests/testdata/run/tls_starttls.js +++ b/cli/tests/testdata/run/tls_starttls.js @@ -13,8 +13,8 @@ const port = 3504; const listener = Deno.listenTls({ hostname, port, - certFile: "./tls/localhost.crt", - keyFile: "./tls/localhost.key", + cert: Deno.readTextFileSync("./tls/localhost.crt"), + key: Deno.readTextFileSync("./tls/localhost.key"), }); const response = encoder.encode( diff --git a/cli/tests/unit/http_test.ts b/cli/tests/unit/http_test.ts index bd4c8da09fd01a..acdaef90357996 100644 --- a/cli/tests/unit/http_test.ts +++ b/cli/tests/unit/http_test.ts @@ -326,8 +326,8 @@ Deno.test( const listener = Deno.listenTls({ hostname, port, - certFile: "cli/tests/testdata/tls/localhost.crt", - keyFile: "cli/tests/testdata/tls/localhost.key", + cert: Deno.readTextFileSync("cli/tests/testdata/tls/localhost.crt"), + key: Deno.readTextFileSync("cli/tests/testdata/tls/localhost.key"), }); const conn = await listener.accept(); const httpConn = Deno.serveHttp(conn); @@ -2294,8 +2294,8 @@ Deno.test( const listener = Deno.listenTls({ hostname, port, - certFile: "cli/tests/testdata/tls/localhost.crt", - keyFile: "cli/tests/testdata/tls/localhost.key", + cert: await Deno.readTextFile("cli/tests/testdata/tls/localhost.crt"), + key: await Deno.readTextFile("cli/tests/testdata/tls/localhost.key"), }); const caCerts = [ @@ -2600,8 +2600,8 @@ for (const compression of [true, false]) { const listener = Deno.listenTls({ hostname, port, - certFile: "cli/tests/testdata/tls/localhost.crt", - keyFile: "cli/tests/testdata/tls/localhost.key", + cert: await Deno.readTextFile("cli/tests/testdata/tls/localhost.crt"), + key: await Deno.readTextFile("cli/tests/testdata/tls/localhost.key"), alpnProtocols: ["h2"], }); const server = httpServerWithErrorBody(listener, compression); diff --git a/cli/tests/unit/tls_test.ts b/cli/tests/unit/tls_test.ts index 8ab41b81a4d523..2e797b16090a23 100644 --- a/cli/tests/unit/tls_test.ts +++ b/cli/tests/unit/tls_test.ts @@ -183,8 +183,8 @@ Deno.test( const listener = Deno.listenTls({ hostname, port, - certFile: "cli/tests/testdata/tls/localhost.crt", - keyFile: "cli/tests/testdata/tls/localhost.key", + cert: await Deno.readTextFile("cli/tests/testdata/tls/localhost.crt"), + key: await Deno.readTextFile("cli/tests/testdata/tls/localhost.key"), }); const response = encoder.encode( @@ -296,8 +296,8 @@ async function tlsPair(): Promise<[Deno.Conn, Deno.Conn]> { const listener = Deno.listenTls({ hostname: "localhost", port, - certFile: "cli/tests/testdata/tls/localhost.crt", - keyFile: "cli/tests/testdata/tls/localhost.key", + cert: await Deno.readTextFile("cli/tests/testdata/tls/localhost.crt"), + key: await Deno.readTextFile("cli/tests/testdata/tls/localhost.key"), }); const acceptPromise = listener.accept(); @@ -320,8 +320,8 @@ async function tlsAlpn( const listener = Deno.listenTls({ hostname: "localhost", port, - certFile: "cli/tests/testdata/tls/localhost.crt", - keyFile: "cli/tests/testdata/tls/localhost.key", + cert: await Deno.readTextFile("cli/tests/testdata/tls/localhost.crt"), + key: await Deno.readTextFile("cli/tests/testdata/tls/localhost.key"), alpnProtocols: ["deno", "rocks"], }); @@ -725,8 +725,8 @@ async function tlsWithTcpFailureTestImpl( const tlsListener = Deno.listenTls({ hostname: "localhost", port: tlsPort, - certFile: "cli/tests/testdata/tls/localhost.crt", - keyFile: "cli/tests/testdata/tls/localhost.key", + cert: await Deno.readTextFile("cli/tests/testdata/tls/localhost.crt"), + key: await Deno.readTextFile("cli/tests/testdata/tls/localhost.key"), }); const tcpPort = getPort(); @@ -1019,8 +1019,8 @@ function createHttpsListener(port: number): Deno.Listener { const listener = Deno.listenTls({ hostname: "localhost", port, - certFile: "./cli/tests/testdata/tls/localhost.crt", - keyFile: "./cli/tests/testdata/tls/localhost.key", + cert: Deno.readTextFileSync("./cli/tests/testdata/tls/localhost.crt"), + key: Deno.readTextFileSync("./cli/tests/testdata/tls/localhost.key"), }); serve(listener); @@ -1285,8 +1285,8 @@ Deno.test( const listener = Deno.listenTls({ hostname, port, - certFile: "cli/tests/testdata/tls/localhost.crt", - keyFile: "cli/tests/testdata/tls/localhost.key", + cert: await Deno.readTextFile("cli/tests/testdata/tls/localhost.crt"), + key: await Deno.readTextFile("cli/tests/testdata/tls/localhost.key"), }); const acceptPromise = listener.accept(); const connectPromise = Deno.connectTls({ @@ -1354,8 +1354,8 @@ Deno.test( const listener = Deno.listenTls({ hostname, port, - certFile: "cli/tests/testdata/tls/localhost.crt", - keyFile: "cli/tests/testdata/tls/localhost.key", + cert: Deno.readTextFileSync("cli/tests/testdata/tls/localhost.crt"), + key: Deno.readTextFileSync("cli/tests/testdata/tls/localhost.key"), }); for await (const conn of listener) { for (let i = 0; i < 10; i++) { diff --git a/ext/net/02_tls.js b/ext/net/02_tls.js index 6fa5bff209eb96..e71bd77f5fc8ec 100644 --- a/ext/net/02_tls.js +++ b/ext/net/02_tls.js @@ -1,6 +1,6 @@ // Copyright 2018-2024 the Deno authors. All rights reserved. MIT license. -import { core, primordials } from "ext:core/mod.js"; +import { core, internals, primordials } from "ext:core/mod.js"; const { op_net_accept_tls, op_net_connect_tls, @@ -39,6 +39,13 @@ async function connectTls({ privateKey = undefined, alpnProtocols = undefined, }) { + if (certFile !== undefined) { + internals.warnOnDeprecatedApi( + "Deno.ConnectTlsOptions.certFile", + new Error().stack, + "Pass the cert file contents to the `Deno.ConnectTlsOptions.certChain` option instead.", + ); + } if (transport !== "tcp") { throw new TypeError(`Unsupported transport: '${transport}'`); } @@ -76,6 +83,20 @@ function listenTls({ if (transport !== "tcp") { throw new TypeError(`Unsupported transport: '${transport}'`); } + if (keyFile !== undefined) { + internals.warnOnDeprecatedApi( + "Deno.ListenTlsOptions.keyFile", + new Error().stack, + "Pass the key file contents to the `Deno.ListenTlsOptions.key` option instead.", + ); + } + if (certFile !== undefined) { + internals.warnOnDeprecatedApi( + "Deno.ListenTlsOptions.certFile", + new Error().stack, + "Pass the cert file contents to the `Deno.ListenTlsOptions.cert` option instead.", + ); + } const { 0: rid, 1: localAddr } = op_net_listen_tls( { hostname, port: Number(port) }, { cert, certFile, key, keyFile, alpnProtocols, reusePort }, diff --git a/ext/net/lib.deno_net.d.ts b/ext/net/lib.deno_net.d.ts index c019c8d6168983..e3051d6ad0a3be 100644 --- a/ext/net/lib.deno_net.d.ts +++ b/ext/net/lib.deno_net.d.ts @@ -174,13 +174,17 @@ declare namespace Deno { * `--allow-read`. * * @tags allow-read - * @deprecated This option is deprecated and will be removed in Deno 2.0. + * @deprecated Pass the certificate file contents directly to the + * {@linkcode Deno.ListenTlsOptions.cert} option instead. This option will + * be removed in Deno 2.0. */ certFile?: string; /** Server private key file. Requires `--allow-read`. * * @tags allow-read - * @deprecated This option is deprecated and will be removed in Deno 2.0. + * @deprecated Pass the key file contents directly to the + * {@linkcode Deno.ListenTlsOptions.key} option instead. This option will + * be removed in Deno 2.0. */ keyFile?: string; @@ -197,7 +201,11 @@ declare namespace Deno { * security). * * ```ts - * const lstnr = Deno.listenTls({ port: 443, certFile: "./server.crt", keyFile: "./server.key" }); + * using listener = Deno.listenTls({ + * port: 443, + * cert: Deno.readTextFileSync("./server.crt"), + * key: Deno.readTextFileSync("./server.key"), + * }); * ``` * * Requires `allow-net` permission. @@ -289,8 +297,9 @@ declare namespace Deno { /** * Server certificate file. * - * @deprecated This option is deprecated and will be removed in a future - * release. + * @deprecated Pass the cert file contents directly to the + * {@linkcode Deno.ConnectTlsOptions.caCerts} option instead. This option + * will be removed in Deno 2.0. */ certFile?: string; /** A list of root certificates that will be used in addition to the