diff --git a/Cargo.lock b/Cargo.lock index 0b16ab840b..0154cb1525 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -560,7 +560,7 @@ dependencies = [ [[package]] name = "deno" -version = "1.12.2" +version = "1.13.0" dependencies = [ "atty", "base64 0.13.0", @@ -875,7 +875,7 @@ dependencies = [ [[package]] name = "deno_tls" -version = "0.1.0" +version = "0.1.1" dependencies = [ "deno_core", "lazy_static", diff --git a/Releases.md b/Releases.md index 10461e76fa..5a2b7bdfea 100644 --- a/Releases.md +++ b/Releases.md 
@@ -6,6 +6,43 @@ https://github.com/denoland/deno/releases
 We also have one-line install commands at:
 https://github.com/denoland/deno_install
+### 1.13.0 / 2021.08.10
+
+- BREAKING(unstable): Rename Deno.WebSocketUpgrade::websocket to socket (#11542)
+- feat: Add --unsafely-treat-insecure-origin-as-secure flag to disable SSL
+ verification (#11324)
+- feat: add experimental WebSocketStream API (#10365)
+- feat: FFI API replacing native plugins (#11152)
+- feat: stabilize Deno.serveHttp() (#11544)
+- feat: support AbortSignal in writeFile (#11568)
+- feat: support client certificates for connectTls (#11598)
+- feat: type check codeblocks in Markdown file with "deno test --doc" (#11421)
+- feat(extensions/crypto): implement importKey and exportKey for raw HMAC keys
+ (#11367)
+- feat(extensions/crypto): implement verify() for HMAC (#11387)
+- feat(extensions/tls): Optionally support loading native certs (#11491)
+- feat(extensions/web): add structuredClone function (#11572)
+- feat(fmt): format top-level JSX elements/fragments with parens when multi-line
+ (#11582)
+- feat(lsp): ability to set DENO_DIR via settings (#11527)
+- feat(lsp): implement refactoring code actions (#11555)
+- feat(lsp): support clients which do not support disabled code actions (#11612)
+- feat(repl): add --eval flag for evaluating code when the repl starts (#11590)
+- feat(repl): support exports in the REPL (#11592)
+- feat(runtime): allow URL for permissions (#11578)
+- feat(runtime): implement navigator.hardwareConcurrency (#11448)
+- feat(unstable): clean environmental variables for subprocess (#11571)
+- fix: support windows file specifiers with import maps (#11551)
+- fix: Type `Deno.errors.*` as subclasses of `Error` (#10702)
+- fix(doc): panic on invalid url (#11536)
+- fix(extensions/fetch): Add Origin header to outgoing requests for fetch
+ (#11557)
+- fix(extensions/websocket): allow any close code for server (#11614)
+- fix(lsp): do not output to stderr before exiting the process
(#11562)
+
+Release notes for std version 0.104.0:
+https://github.com/denoland/deno_std/releases/tag/0.104.0
+
 ### 1.12.2 / 2021.07.26
 - feat(lsp, unstable): add workspace config to status page (#11459)
diff --git a/cli/Cargo.toml b/cli/Cargo.toml
index a314415a6a..a7fe7faa49 100644
--- a/cli/Cargo.toml
+++ b/cli/Cargo.toml
@@ -2,7 +2,7 @@
 [package]
 name = "deno"
-version = "1.12.2"
+version = "1.13.0"
 authors = ["the Deno authors"]
 default-run = "deno"
 edition = "2018"
diff --git a/cli/tests/deno_land_unsafe_ssl.ts b/cli/tests/deno_land_unsafe_ssl.ts
new file mode 100644
index 0000000000..f5e8dcc80b
--- /dev/null
+++ b/cli/tests/deno_land_unsafe_ssl.ts
@@ -0,0 +1,2 @@
+const r = await fetch("https://google.com");
+console.log(r.status);
diff --git a/cli/tests/deno_land_unsafe_ssl.ts.out b/cli/tests/deno_land_unsafe_ssl.ts.out
new file mode 100644
index 0000000000..5ca4d68e2a
--- /dev/null
+++ b/cli/tests/deno_land_unsafe_ssl.ts.out
@@ -0,0 +1,2 @@
+DANGER: TLS ceritificate validation is disabled for: deno.land
+200
diff --git a/cli/tests/integration/mod.rs b/cli/tests/integration/mod.rs
index 392101e54f..ee9c195f30 100644
--- a/cli/tests/integration/mod.rs
+++ b/cli/tests/integration/mod.rs
@@ -487,6 +487,20 @@ itest!(cafile_ts_fetch_unsafe_ssl {
 http_server: true,
 });
+itest!(deno_land_unsafe_ssl {
+ args:
+ "run --quiet --reload --allow-net --unsafely-ignore-certificate-errors=deno.land deno_land_unsafe_ssl.ts",
+ output: "deno_land_unsafe_ssl.ts.out",
+});
+
+itest!(localhost_unsafe_ssl {
+ args:
+ "run --quiet --reload --allow-net --unsafely-ignore-certificate-errors=deno.land cafile_url_imports.ts",
+ output: "localhost_unsafe_ssl.ts.out",
+ http_server: true,
+ exit_code: 1,
+});
+
 #[test]
 #[ignore]
 fn cafile_env_fetch() {
diff --git a/cli/tests/localhost_unsafe_ssl.ts.out b/cli/tests/localhost_unsafe_ssl.ts.out
new file mode 100644
index 0000000000..0bb6d0fb43
--- /dev/null
+++ b/cli/tests/localhost_unsafe_ssl.ts.out
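Review bot: In cli/tests/deno_land_unsafe_ssl.ts the fetch targets `https://google.com`, a live external host, although the file and the `deno_land_unsafe_ssl` test in cli/tests/integration/mod.rs are named for deno.land and pass `--unsafely-ignore-certificate-errors=deno.land`. The test therefore needs outbound network access and a 200 from a third party. Because that host presents a publicly trusted certificate, the `200` line would appear whether the verifier validated the chain or skipped it, so only the DANGER banner is effectively asserted here. If the intent is that a host outside the list still validates normally, a leading comment such as `// google.com is not in the ignore list, so normal certificate validation must still succeed` would make that explicit; a hermetic variant served by the local `http_server` would remove the external dependency.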
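Review bot: The expected banner in cli/tests/deno_land_unsafe_ssl.ts.out spells the word as `ceritificate`, and cli/tests/localhost_unsafe_ssl.ts.out repeats it, so both fixtures pin a misspelled runtime warning. This banner is the visible signal that validation has been weakened, and with the misspelling a log search for "certificate validation is disabled" will not match it. The code that prints the string is not in the visible hunks; correct it at its source and update both fixtures to `DANGER: TLS certificate validation is disabled for: deno.land`.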
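Review bot: `localhost_unsafe_ssl` in cli/tests/integration/mod.rs is the test that pins the scoping of the flag (only deno.land is listed, so the import from localhost must still fail with `UnknownIssuer` and exit code 1), but its name reads as if localhost were the exempted host and nothing in the hunk states the intent. A comment above it, e.g. `// localhost is not in the ignore list: its certificate must still be rejected`, would keep a later edit from "fixing" the expected failure. Neither added test connects to a host that is on the list; the `cafile_ts_fetch_unsafe_ssl` test above may cover that path, but only its tail is visible here. The flag spelled in these args is `--unsafely-ignore-certificate-errors`, while the Releases.md entry in this diff names `--unsafely-treat-insecure-origin-as-secure`, so one of the two looks stale.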
@@ -0,0 +1,3 @@
+DANGER: TLS ceritificate validation is disabled for: deno.land
+error: error sending request for url (https://localhost:5545/cli/tests/subdir/mod2.ts): error trying to connect: invalid certificate: UnknownIssuer
+ at [WILDCARD]tests/cafile_url_imports.ts:1:0
diff --git a/extensions/tls/Cargo.toml b/extensions/tls/Cargo.toml
index 7a723e73ba..42060f4181 100644
--- a/extensions/tls/Cargo.toml
+++ b/extensions/tls/Cargo.toml
@@ -2,7 +2,7 @@
 [package]
 name = "deno_tls"
-version = "0.1.0"
+version = "0.1.1"
 authors = ["the Deno authors"]
 edition = "2018"
 license = "MIT"
diff --git a/extensions/tls/lib.rs b/extensions/tls/lib.rs
index 932f5ba4c6..8f56f0ffd6 100644
--- a/extensions/tls/lib.rs
+++ b/extensions/tls/lib.rs
@@ -25,6 +25,7 @@ use rustls::ServerCertVerified;
 use rustls::ServerCertVerifier;
 use rustls::StoresClientSessions;
 use rustls::TLSError;
+use rustls::WebPKIVerifier;
 use serde::Deserialize;
 use std::collections::HashMap;
 use std::io::BufReader;
@@ -42,17 +43,22 @@ pub struct NoCertificateVerification(pub Vec);
 impl ServerCertVerifier for NoCertificateVerification {
 fn verify_server_cert(
 &self,
- _roots: &RootCertStore,
- _presented_certs: &[Certificate],
- dns_name: DNSNameRef<'_>,
- _ocsp: &[u8],
+ roots: &RootCertStore,
+ presented_certs: &[Certificate],
+ dns_name_ref: DNSNameRef<'_>,
+ ocsp: &[u8],
 ) -> Result {
- let dns_name: &str = dns_name.into();
+ let dns_name: &str = dns_name_ref.into();
 let dns_name: String = dns_name.to_owned();
 if self.0.is_empty() || self.0.contains(&dns_name) {
 Ok(ServerCertVerified::assertion())
 } else {
- Err(TLSError::General(dns_name))
+ WebPKIVerifier::new().verify_server_cert(
+ roots,
+ presented_certs,
+ dns_name_ref,
+ ocsp,
+ )
 }
 }