deno: Upgrading connection to tls in 1.17.x errors with UnsupportedCertVersion

The following happens when trying to do startTls to a postgres server with a self-signed certificate. It works in 1.16.4.

Sending fatal alert BadCertificate
error: Uncaught (in promise) InvalidData: invalid peer certificate contents: invalid peer certificate: UnsupportedCertVersion
  while (await conn.read(b))
         ^
    at async read (deno:ext/net/01_net.js:21:19)
    at async connected (file:///Users/rasmus/Projects/deno-ssl/index.js:16:10)

Small repro case here:

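Deno.connect({ transport: 'tcp', port: 5432, hostname: 'localhost' }).then(async conn => {
  // PostgreSQL SSLRequest: int32 length 8, then int32 request code 80877103 (0x04D2162F)
  await conn.write(new Uint8Array([0, 0, 0, 8, 4, 210, 22, 47]))
  const b = new Uint8Array(128)

  while (await conn.read(b)) {
    // 83 is ASCII 'S': the server agrees to TLS, so upgrade the same connection
    if (b[0] === 83) {
      Deno.startTls(conn, { hostname: 'localhost' }).then(connected)
      break
    }
  }
})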

async function connected(conn) {
  const b = new Uint8Array(128)
  while (await conn.read(b))
    console.log(b[0])
}

About this issue

  • State: closed
  • Created 2 years ago
  • Comments: 16 (7 by maintainers)

Most upvoted comments

My understanding is that this will be fixed with a coming update of webpki, but until that has gone into Deno I don’t suppose this issue should be closed?