Skip to content

feat: allow disable hostname verification in TLS #30409

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 11 commits into from
Aug 23, 2025
Merged

feat: allow disable hostname verification in TLS #30409

merged 11 commits into from
Aug 23, 2025

Conversation

littledivy
Copy link
Member

@littledivy littledivy commented Aug 14, 2025
edited
Loading

Fixes #28903
Closes #26190

  • Adds a new option unsafelyDisableHostnameVerification to Deno.connectTls and Deno.startTls to ignore DNS name mismatch errors from rustls server verifier.
  • Disable hostname verification in Node.js TLSSocket if checkServerIdentity is a no-op.

@littledivy
feat: allow disable hostname verification in startTls
d672894 
Fixes denoland#28903

- Adds a new option `disableHostnameVerification` to `Deno.connectTls` and `Deno.startTls` to ignore DNS name mismatch errors from rustls server verifier.
- Disable hostname verification in Node.js TLSSocket if `checkServerIdentity` is a no-op.
@littledivy
x
3fd2eb6
dsherret
dsherret reviewed Aug 14, 2025
View reviewed changes
@littledivy littledivy mentioned this pull request Aug 15, 2025
Closed
8 tasks
bartlomieju
bartlomieju reviewed Aug 16, 2025
View reviewed changes
cli/tsc/dts/lib.deno_net.d.ts Outdated
*
* @default {false}
*/
disableHostnameVerification?: boolean;
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should we name it something like unsafelyDisableHostnameVerification? I think we should update the docstring too, to tell that this shouldn't be done by most users and when it might be useful.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I was thinking this too. Btw, @littledivy remember to post these public api changes to the cli-public-api channel

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Renamed tounsafelyDisableHostnameVerification

bartlomieju
bartlomieju reviewed Aug 22, 2025
View reviewed changes
bartlomieju
bartlomieju approved these changes Aug 22, 2025
View reviewed changes
Copy link
Member

@bartlomieju bartlomieju left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice work

@littledivy littledivy merged commit b580804 into denoland:main Aug 23, 2025
19 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dsherret dsherret dsherret left review comments

@bartlomieju bartlomieju bartlomieju approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

TLS Error connecting to Azure PostgreSQL Skip hostname checking for TLS connections
3 participants
@littledivy @dsherret @bartlomieju