Skip to content

feat(utils): support multiple certificates in resolveServerUrls #20707

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 8 commits into
base: main
Choose a base branch
from
Open

feat(utils): support multiple certificates in resolveServerUrls #20707

wants to merge 8 commits into from
+205 −38

Conversation

monam2
Copy link

@monam2 monam2 commented Aug 31, 2025
edited
Loading

Description

Fixes #20681

Added support for multiple certificates in the resolveServerUrls function. Previously, only single certificates were supported, limiting HTTPS server configuration options.

  • Uses arraify to process certificate arrays and handle multiple certificates properly.
  • Added bufferify function for safe certificate conversion to Buffer format.
  • Implemented try-catch blocks to gracefully handle invalid certificates and prevent crashes.

All tests pass (unit, integration, and build tests all pass locally)

Test Coverage Added

  • No Certificate
  • Single Certificate
  • Multiple Certificates
  • IPv6 Support
  • Mixed Configurations (IPv4/IPv6 address families)
  • Invalid Certificate Handling

Note: Some test parameters use any types due to complex interface typing challenges. Type improvements are welcome.

graphite-app[bot]
graphite-app bot reviewed Aug 31, 2025
View reviewed changes
@monam2
Copy link
Author

monam2 commented Sep 1, 2025

Sorry for the confusion in the test cases.
I've updated the multiple certs tests to use the same cert twice and removed the mixed IPv4/IPv6 test case since it's not directly related to this work.

Any feedback on the certificate or implementation setup would be welcome.

sapphi-red
sapphi-red requested changes Sep 13, 2025
View reviewed changes
Copy link
Member

@sapphi-red sapphi-red left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks!

@sapphi-red sapphi-red added the p2-nice-to-have Not breaking anything but nice to have (priority) label Sep 13, 2025
@monam2
Copy link
Author

monam2 commented Sep 14, 2025

@sapphi-red Thanks for the suggestion — I’ve updated the code accordingly. I extracted the logic into a dedicated helper function and also renamed a few variables for clarity. PTAL.

@sapphi-red
Copy link
Member

Would you update the tests to use the new function you extracted?

@monam2
Copy link
Author

monam2 commented Sep 18, 2025

@sapphi-red Added cases for both single and multiple certificates.

bluwy
bluwy reviewed Sep 19, 2025
View reviewed changes
bluwy
bluwy previously approved these changes Sep 20, 2025
View reviewed changes
bluwy
bluwy reviewed Sep 20, 2025
View reviewed changes
bluwy
bluwy previously approved these changes Sep 21, 2025
View reviewed changes
@monam2 monam2 requested a review from sapphi-red September 21, 2025 13:25
@monam2 monam2 force-pushed the fix/multiple-certs-support branch from b4b27f9 to 6ef0e81 Compare September 23, 2025 06:26
@sapphi-red sapphi-red added this to the 7.2 milestone Sep 23, 2025
EmperorArthur
EmperorArthur reviewed Oct 1, 2025
View reviewed changes
Copy link

@EmperorArthur EmperorArthur left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I really appreciate you taking the time to work on this.

Here are a few small things that you might want to consider tweaking. It's up to you and the maintainers of course, but thought I could try to contribute a little bit.

packages/vite/src/node/utils.ts
try {
return new crypto.X509Certificate(cert)
} catch {
return null
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should we log a warning instead of completely ignoring an invalid cert?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I assume the error would be shown when starting the server. Since this is an optional feature, I think it's fine to ignore the error here.

packages/vite/src/node/utils.ts
}
})
.flatMap((cert) =>
cert?.subjectAltName
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

For whatever reason this took me a minute to parse.

Have you considered moving from the ternary .filter((cert) => Boolean(cert?.subjectAltName))?

Quick test to show that should cover all the cases:

let c = [{subjectAltName: 'asdf'}, {}, null, {subjectAltName: null}, {subjectAltName: ''}];
c.filter((cert) => Boolean(cert?.subjectAltName)).length === 1

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

TypeScript cannot infer the types with

    .filter((cert) => Boolean(cert?.subjectAltName))
    .flatMap((cert) => extractHostnamesFromSubjectAltName(cert.subjectAltName)) // cert may be null

so I think it's better to keep it as-is.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@sapphi-red sapphi-red sapphi-red approved these changes

@graphite-app graphite-app[bot] graphite-app[bot] left review comments

@bluwy bluwy bluwy left review comments

+1 more reviewer

@EmperorArthur EmperorArthur EmperorArthur left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

p2-nice-to-have Not breaking anything but nice to have (priority)

Projects

None yet

Milestone

7.2

Development

Successfully merging this pull request may close these issues.

Support Extracting Hostnames From Multiple Certificates

4 participants

@monam2 @sapphi-red @EmperorArthur @bluwy