@gjsify/tls 0.3.13 → 0.3.15

package/lib/esm/index.js

@@ -1,377 +1,370 @@
 import Gio from "@girs/gio-2.0";
 import GLib from "@girs/glib-2.0";
-import { Socket, Server } from "node:net";
+import { Server, Socket } from "node:net";
 import { createNodeError, deferEmit } from "@gjsify/utils";
+
+//#region src/index.ts
 const DEFAULT_MIN_VERSION = "TLSv1.2";
 const DEFAULT_MAX_VERSION = "TLSv1.3";
 const DEFAULT_CIPHERS = "TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384";
+/** Returns a list of supported TLS cipher names (subset; implementation-defined). */
 function getCiphers() {
-  return [
-    "aes-128-gcm",
-    "aes-256-gcm",
-    "chacha20-poly1305",
-    "aes-128-cbc",
-    "aes-256-cbc"
-  ];
+	return [
+		"aes-128-gcm",
+		"aes-256-gcm",
+		"chacha20-poly1305",
+		"aes-128-cbc",
+		"aes-256-cbc"
+	];
 }
+/** Removes a trailing dot from a fully-qualified domain name. */
 function unfqdn(host) {
-  return host.endsWith(".") ? host.slice(0, -1) : host;
+	return host.endsWith(".") ? host.slice(0, -1) : host;
 }
+/** Splits a hostname into parts, lower-cased, after removing trailing dots. */
 function splitHost(host) {
-  return unfqdn(host).toLowerCase().split(".");
+	return unfqdn(host).toLowerCase().split(".");
 }
+/** Wildcard-match a hostname part list against a pattern (supports leading *). */
 function checkWildcard(hostParts, pattern) {
-  const patParts = splitHost(pattern);
-  if (patParts.length !== hostParts.length) return false;
-  if (patParts[0] === "*") {
-    return patParts.slice(1).join(".") === hostParts.slice(1).join(".");
-  }
-  return patParts.every((p, i) => p === hostParts[i]);
+	const patParts = splitHost(pattern);
+	if (patParts.length !== hostParts.length) return false;
+	if (patParts[0] === "*") {
+		return patParts.slice(1).join(".") === hostParts.slice(1).join(".");
+	}
+	return patParts.every((p, i) => p === hostParts[i]);
 }
+/**
+* Verifies that the certificate `cert` is valid for `hostname`.
+* Returns an Error if the check fails, or undefined on success.
+*
+* Reference: Node.js lib/tls.js exports.checkServerIdentity
+*/
 function checkServerIdentity(hostname, cert) {
-  const subject = cert.subject;
-  const altNames = cert.subjectaltname;
-  const dnsNames = [];
-  const ips = [];
-  hostname = String(hostname);
-  if (altNames) {
-    const parts = altNames.split(", ");
-    for (const name of parts) {
-      if (name.startsWith("DNS:")) {
-        dnsNames.push(name.slice(4));
-      } else if (name.startsWith("IP Address:")) {
-        ips.push(name.slice(11).trim());
-      }
-    }
-  }
-  let valid = false;
-  let reason = "Unknown reason";
-  hostname = unfqdn(hostname);
-  const isIPv4 = /^(\d{1,3}\.){3}\d{1,3}$/.test(hostname);
-  const isIPv6 = hostname.includes(":");
-  if (isIPv4 || isIPv6) {
-    valid = ips.some((ip) => ip.toLowerCase() === hostname.toLowerCase());
-    if (!valid)
-      reason = `IP: ${hostname} is not in the cert's list: ${ips.join(", ")}`;
-  } else if (dnsNames.length > 0 || subject?.CN) {
-    const hostParts = splitHost(hostname);
-    if (dnsNames.length > 0) {
-      valid = dnsNames.some((pattern) => checkWildcard(hostParts, pattern));
-      if (!valid)
-        reason = `Host: ${hostname}. is not in the cert's altnames: ${altNames}`;
-    } else {
-      const cn = subject.CN;
-      if (Array.isArray(cn)) {
-        valid = cn.some((c) => checkWildcard(hostParts, c));
-      } else if (cn) {
-        valid = checkWildcard(hostParts, cn);
-      }
-      if (!valid)
-        reason = `Host: ${hostname}. is not cert's CN: ${cn}`;
-    }
-  } else {
-    reason = "Cert does not contain a DNS name";
-  }
-  if (!valid) {
-    const err = new Error(reason);
-    err.reason = reason;
-    err.host = hostname;
-    err.cert = cert;
-    return err;
-  }
-  return void 0;
-}
-class TLSSocket extends Socket {
-  encrypted = true;
-  authorized = false;
-  authorizationError;
-  alpnProtocol = false;
-  /** @internal */
-  _tlsConnection = null;
-  constructor(socket, options) {
-    super();
-  }
-  /**
-   * @internal Wire the TLS connection's I/O streams into this socket
-   * so that read/write operations go through the encrypted channel.
-   */
-  _setupTlsStreams(tlsConn) {
-    this._tlsConnection = tlsConn;
-    this._inputStream = tlsConn.get_input_stream();
-    this._outputStream = tlsConn.get_output_stream();
-    this._connection = tlsConn;
-  }
-  /** Get the peer certificate info. */
-  getPeerCertificate(_detailed) {
-    if (!this._tlsConnection) return {};
-    try {
-      const cert = this._tlsConnection.get_peer_certificate();
-      if (!cert) return {};
-      return {
-        subject: {},
-        issuer: {},
-        valid_from: "",
-        valid_to: ""
-      };
-    } catch {
-      return {};
-    }
-  }
-  /** Get the negotiated TLS protocol version. */
-  getProtocol() {
-    if (!this._tlsConnection) return null;
-    try {
-      const proto = this._tlsConnection.get_protocol_version();
-      switch (proto) {
-        case Gio.TlsProtocolVersion.TLS_1_0:
-          return "TLSv1";
-        case Gio.TlsProtocolVersion.TLS_1_1:
-          return "TLSv1.1";
-        case Gio.TlsProtocolVersion.TLS_1_2:
-          return "TLSv1.2";
-        case Gio.TlsProtocolVersion.TLS_1_3:
-          return "TLSv1.3";
-        default:
-          return null;
-      }
-    } catch {
-      return null;
-    }
-  }
-  /** Get the cipher info. */
-  getCipher() {
-    if (!this._tlsConnection) return null;
-    try {
-      const name = this._tlsConnection.get_ciphersuite_name();
-      return { name: name || "unknown", version: this.getProtocol() || "unknown" };
-    } catch {
-      return null;
-    }
-  }
-  /** Get the negotiated ALPN protocol. */
-  getAlpnProtocol() {
-    if (!this._tlsConnection) return false;
-    try {
-      const proto = this._tlsConnection.get_negotiated_protocol();
-      return proto || false;
-    } catch {
-      return false;
-    }
-  }
+	const subject = cert.subject;
+	const altNames = cert.subjectaltname;
+	const dnsNames = [];
+	const ips = [];
+	hostname = String(hostname);
+	if (altNames) {
+		const parts = altNames.split(", ");
+		for (const name of parts) {
+			if (name.startsWith("DNS:")) {
+				dnsNames.push(name.slice(4));
+			} else if (name.startsWith("IP Address:")) {
+				ips.push(name.slice(11).trim());
+			}
+		}
+	}
+	let valid = false;
+	let reason = "Unknown reason";
+	hostname = unfqdn(hostname);
+	const isIPv4 = /^(\d{1,3}\.){3}\d{1,3}$/.test(hostname);
+	const isIPv6 = hostname.includes(":");
+	if (isIPv4 || isIPv6) {
+		valid = ips.some((ip) => ip.toLowerCase() === hostname.toLowerCase());
+		if (!valid) reason = `IP: ${hostname} is not in the cert's list: ${ips.join(", ")}`;
+	} else if (dnsNames.length > 0 || subject?.CN) {
+		const hostParts = splitHost(hostname);
+		if (dnsNames.length > 0) {
+			valid = dnsNames.some((pattern) => checkWildcard(hostParts, pattern));
+			if (!valid) reason = `Host: ${hostname}. is not in the cert's altnames: ${altNames}`;
+		} else {
+			const cn = subject.CN;
+			if (Array.isArray(cn)) {
+				valid = cn.some((c) => checkWildcard(hostParts, c));
+			} else if (cn) {
+				valid = checkWildcard(hostParts, cn);
+			}
+			if (!valid) reason = `Host: ${hostname}. is not cert's CN: ${cn}`;
+		}
+	} else {
+		reason = "Cert does not contain a DNS name";
+	}
+	if (!valid) {
+		const err = new Error(reason);
+		err.reason = reason;
+		err.host = hostname;
+		err.cert = cert;
+		return err;
+	}
+	return undefined;
 }
+/**
+* TLSSocket wraps a net.Socket with TLS via Gio.TlsConnection.
+*/
+var TLSSocket = class extends Socket {
+	encrypted = true;
+	authorized = false;
+	authorizationError;
+	alpnProtocol = false;
+	/** @internal */
+	_tlsConnection = null;
+	constructor(socket, options) {
+		super();
+	}
+	/**
+	* @internal Wire the TLS connection's I/O streams into this socket
+	* so that read/write operations go through the encrypted channel.
+	*/
+	_setupTlsStreams(tlsConn) {
+		this._tlsConnection = tlsConn;
+		this._inputStream = tlsConn.get_input_stream();
+		this._outputStream = tlsConn.get_output_stream();
+		this._connection = tlsConn;
+	}
+	/** Get the peer certificate info. */
+	getPeerCertificate(_detailed) {
+		if (!this._tlsConnection) return {};
+		try {
+			const cert = this._tlsConnection.get_peer_certificate();
+			if (!cert) return {};
+			return {
+				subject: {},
+				issuer: {},
+				valid_from: "",
+				valid_to: ""
+			};
+		} catch {
+			return {};
+		}
+	}
+	/** Get the negotiated TLS protocol version. */
+	getProtocol() {
+		if (!this._tlsConnection) return null;
+		try {
+			const proto = this._tlsConnection.get_protocol_version();
+			switch (proto) {
+				case Gio.TlsProtocolVersion.TLS_1_0: return "TLSv1";
+				case Gio.TlsProtocolVersion.TLS_1_1: return "TLSv1.1";
+				case Gio.TlsProtocolVersion.TLS_1_2: return "TLSv1.2";
+				case Gio.TlsProtocolVersion.TLS_1_3: return "TLSv1.3";
+				default: return null;
+			}
+		} catch {
+			return null;
+		}
+	}
+	/** Get the cipher info. */
+	getCipher() {
+		if (!this._tlsConnection) return null;
+		try {
+			const name = this._tlsConnection.get_ciphersuite_name();
+			return {
+				name: name || "unknown",
+				version: this.getProtocol() || "unknown"
+			};
+		} catch {
+			return null;
+		}
+	}
+	/** Get the negotiated ALPN protocol. */
+	getAlpnProtocol() {
+		if (!this._tlsConnection) return false;
+		try {
+			const proto = this._tlsConnection.get_negotiated_protocol();
+			return proto || false;
+		} catch {
+			return false;
+		}
+	}
+};
+/**
+* Create a TLS client connection.
+*
+* Connects via TCP first (using net.Socket.connect), then upgrades
+* the connection to TLS using Gio.TlsClientConnection.
+*/
 function connect(options, callback) {
-  const socket = new TLSSocket(void 0, options);
-  if (callback) {
-    socket.once("secureConnect", callback);
-  }
-  const port = options.port || 443;
-  const host = options.host || "localhost";
-  const servername = options.servername || host;
-  const rejectUnauthorized = options.rejectUnauthorized !== false;
-  socket.once("connect", () => {
-    const rawConnection = socket._connection;
-    if (!rawConnection) {
-      socket.destroy(new Error("No underlying connection for TLS upgrade"));
-      return;
-    }
-    try {
-      const connectable = Gio.NetworkAddress.new(servername, port);
-      const tlsConn = Gio.TlsClientConnection.new(
-        rawConnection,
-        connectable
-      );
-      tlsConn.set_server_identity(connectable);
-      if (options.ALPNProtocols && options.ALPNProtocols.length > 0) {
-        try {
-          tlsConn.set_advertised_protocols(options.ALPNProtocols);
-        } catch {
-        }
-      }
-      if (!rejectUnauthorized) {
-        tlsConn.connect(
-          "accept-certificate",
-          () => true
-        );
-      }
-      const cancellable = new Gio.Cancellable();
-      tlsConn.handshake_async(
-        GLib.PRIORITY_DEFAULT,
-        cancellable,
-        (_source, asyncResult) => {
-          try {
-            tlsConn.handshake_finish(asyncResult);
-            socket.authorized = true;
-            socket._setupTlsStreams(tlsConn);
-            socket.alpnProtocol = socket.getAlpnProtocol();
-            socket._reading = false;
-            socket._startReading();
-            socket.emit("secureConnect");
-          } catch (err) {
-            socket.authorized = false;
-            socket.authorizationError = err instanceof Error ? err.message : String(err);
-            if (rejectUnauthorized) {
-              socket.destroy(err instanceof Error ? err : new Error(String(err)));
-            } else {
-              socket._setupTlsStreams(tlsConn);
-              socket.emit("secureConnect");
-            }
-          }
-        }
-      );
-    } catch (err) {
-      socket.destroy(err instanceof Error ? err : new Error(String(err)));
-    }
-  });
-  socket.connect({ port, host });
-  return socket;
+	const socket = new TLSSocket(undefined, options);
+	if (callback) {
+		socket.once("secureConnect", callback);
+	}
+	const port = options.port || 443;
+	const host = options.host || "localhost";
+	const servername = options.servername || host;
+	const rejectUnauthorized = options.rejectUnauthorized !== false;
+	socket.once("connect", () => {
+		const rawConnection = socket._connection;
+		if (!rawConnection) {
+			socket.destroy(new Error("No underlying connection for TLS upgrade"));
+			return;
+		}
+		try {
+			const connectable = Gio.NetworkAddress.new(servername, port);
+			const tlsConn = Gio.TlsClientConnection.new(rawConnection, connectable);
+			tlsConn.set_server_identity(connectable);
+			if (options.ALPNProtocols && options.ALPNProtocols.length > 0) {
+				try {
+					tlsConn.set_advertised_protocols(options.ALPNProtocols);
+				} catch {}
+			}
+			if (!rejectUnauthorized) {
+				tlsConn.connect("accept-certificate", () => true);
+			}
+			const cancellable = new Gio.Cancellable();
+			tlsConn.handshake_async(GLib.PRIORITY_DEFAULT, cancellable, (_source, asyncResult) => {
+				try {
+					tlsConn.handshake_finish(asyncResult);
+					socket.authorized = true;
+					socket._setupTlsStreams(tlsConn);
+					socket.alpnProtocol = socket.getAlpnProtocol();
+					socket._reading = false;
+					socket._startReading();
+					socket.emit("secureConnect");
+				} catch (err) {
+					socket.authorized = false;
+					socket.authorizationError = err instanceof Error ? err.message : String(err);
+					if (rejectUnauthorized) {
+						socket.destroy(err instanceof Error ? err : new Error(String(err)));
+					} else {
+						socket._setupTlsStreams(tlsConn);
+						socket.emit("secureConnect");
+					}
+				}
+			});
+		} catch (err) {
+			socket.destroy(err instanceof Error ? err : new Error(String(err)));
+		}
+	});
+	socket.connect({
+		port,
+		host
+	});
+	return socket;
 }
+/**
+* Create a TLS secure context.
+*/
 function createSecureContext(options) {
-  return { context: options || {} };
+	return { context: options || {} };
 }
 const rootCertificates = [];
+/**
+* Build a Gio.TlsCertificate from PEM cert+key strings.
+*/
 function buildGioCertificate(cert, key) {
-  const certStr = Array.isArray(cert) ? cert.map((c) => typeof c === "string" ? c : c.toString("utf-8")).join("\n") : typeof cert === "string" ? cert : cert.toString("utf-8");
-  const keyStr = key ? Array.isArray(key) ? key.map((k) => typeof k === "string" ? k : k.toString("utf-8")).join("\n") : typeof key === "string" ? key : key.toString("utf-8") : "";
-  const pem = keyStr ? `${certStr}
-${keyStr}` : certStr;
-  return Gio.TlsCertificate.new_from_pem(pem, pem.length);
-}
-class TLSServer extends Server {
-  _tlsCertificate = null;
-  _tlsOptions;
-  _sniContexts = /* @__PURE__ */ new Map();
-  constructor(options, secureConnectionListener) {
-    super();
-    this._tlsOptions = options || {};
-    if (secureConnectionListener) {
-      this.on("secureConnection", secureConnectionListener);
-    }
-    if (this._tlsOptions.cert) {
-      try {
-        this._tlsCertificate = buildGioCertificate(this._tlsOptions.cert, this._tlsOptions.key);
-      } catch (err) {
-        deferEmit(this, "error", createNodeError(err, "createServer", {}));
-      }
-    }
-  }
-  /**
-   * Add a context for SNI (Server Name Indication).
-   */
-  addContext(hostname, context) {
-    if (context.cert) {
-      try {
-        const cert = buildGioCertificate(context.cert, context.key);
-        this._sniContexts.set(hostname, cert);
-      } catch (err) {
-        this.emit("error", createNodeError(err, "addContext", {}));
-      }
-    }
-  }
-  listen(...args) {
-    this.on("connection", (socket) => {
-      this._upgradeTls(socket);
-    });
-    return super.listen(...args);
-  }
-  /**
-   * Upgrade a raw TCP socket to TLS using Gio.TlsServerConnection.
-   */
-  _upgradeTls(socket) {
-    const rawConnection = socket._connection;
-    if (!rawConnection) {
-      const err = new Error("Cannot upgrade socket: no underlying connection");
-      this.emit("tlsClientError", err, socket);
-      socket.destroy();
-      return;
-    }
-    if (!this._tlsCertificate) {
-      const err = new Error("TLS server has no certificate configured");
-      this.emit("tlsClientError", err, socket);
-      socket.destroy();
-      return;
-    }
-    try {
-      const tlsConn = Gio.TlsServerConnection.new(
-        rawConnection,
-        this._tlsCertificate
-      );
-      if (this._tlsOptions.requestCert) {
-        tlsConn.authenticationMode = this._tlsOptions.rejectUnauthorized !== false ? Gio.TlsAuthenticationMode.REQUIRED : Gio.TlsAuthenticationMode.REQUESTED;
-      } else {
-        tlsConn.authenticationMode = Gio.TlsAuthenticationMode.NONE;
-      }
-      if (this._tlsOptions.rejectUnauthorized === false) {
-        tlsConn.connect(
-          "accept-certificate",
-          () => true
-        );
-      }
-      if (this._tlsOptions.ALPNProtocols && this._tlsOptions.ALPNProtocols.length > 0) {
-        try {
-          tlsConn.set_advertised_protocols(this._tlsOptions.ALPNProtocols);
-        } catch {
-        }
-      }
-      const cancellable = new Gio.Cancellable();
-      tlsConn.handshake_async(
-        GLib.PRIORITY_DEFAULT,
-        cancellable,
-        (_source, asyncResult) => {
-          try {
-            tlsConn.handshake_finish(asyncResult);
-            const tlsSocket = new TLSSocket();
-            tlsSocket.encrypted = true;
-            tlsSocket.authorized = true;
-            tlsSocket._setupTlsStreams(tlsConn);
-            tlsSocket.alpnProtocol = tlsSocket.getAlpnProtocol();
-            tlsSocket._startReading();
-            this.emit("secureConnection", tlsSocket);
-          } catch (err) {
-            const nodeErr = createNodeError(err, "handshake", {});
-            this.emit("tlsClientError", nodeErr, socket);
-            socket.destroy();
-          }
-        }
-      );
-    } catch (err) {
-      const nodeErr = createNodeError(err, "tls_wrap", {});
-      this.emit("tlsClientError", nodeErr, socket);
-      socket.destroy();
-    }
-  }
+	const certStr = Array.isArray(cert) ? cert.map((c) => typeof c === "string" ? c : c.toString("utf-8")).join("\n") : typeof cert === "string" ? cert : cert.toString("utf-8");
+	const keyStr = key ? Array.isArray(key) ? key.map((k) => typeof k === "string" ? k : k.toString("utf-8")).join("\n") : typeof key === "string" ? key : key.toString("utf-8") : "";
+	const pem = keyStr ? `${certStr}\n${keyStr}` : certStr;
+	return Gio.TlsCertificate.new_from_pem(pem, pem.length);
 }
+/**
+* TLSServer wraps a net.Server to accept TLS connections.
+*/
+var TLSServer = class extends Server {
+	_tlsCertificate = null;
+	_tlsOptions;
+	_sniContexts = new Map();
+	constructor(options, secureConnectionListener) {
+		super();
+		this._tlsOptions = options || {};
+		if (secureConnectionListener) {
+			this.on("secureConnection", secureConnectionListener);
+		}
+		if (this._tlsOptions.cert) {
+			try {
+				this._tlsCertificate = buildGioCertificate(this._tlsOptions.cert, this._tlsOptions.key);
+			} catch (err) {
+				deferEmit(this, "error", createNodeError(err, "createServer", {}));
+			}
+		}
+	}
+	/**
+	* Add a context for SNI (Server Name Indication).
+	*/
+	addContext(hostname, context) {
+		if (context.cert) {
+			try {
+				const cert = buildGioCertificate(context.cert, context.key);
+				this._sniContexts.set(hostname, cert);
+			} catch (err) {
+				this.emit("error", createNodeError(err, "addContext", {}));
+			}
+		}
+	}
+	listen(...args) {
+		this.on("connection", (socket) => {
+			this._upgradeTls(socket);
+		});
+		return super.listen(...args);
+	}
+	/**
+	* Upgrade a raw TCP socket to TLS using Gio.TlsServerConnection.
+	*/
+	_upgradeTls(socket) {
+		const rawConnection = socket._connection;
+		if (!rawConnection) {
+			const err = new Error("Cannot upgrade socket: no underlying connection");
+			this.emit("tlsClientError", err, socket);
+			socket.destroy();
+			return;
+		}
+		if (!this._tlsCertificate) {
+			const err = new Error("TLS server has no certificate configured");
+			this.emit("tlsClientError", err, socket);
+			socket.destroy();
+			return;
+		}
+		try {
+			const tlsConn = Gio.TlsServerConnection.new(rawConnection, this._tlsCertificate);
+			if (this._tlsOptions.requestCert) {
+				tlsConn.authenticationMode = this._tlsOptions.rejectUnauthorized !== false ? Gio.TlsAuthenticationMode.REQUIRED : Gio.TlsAuthenticationMode.REQUESTED;
+			} else {
+				tlsConn.authenticationMode = Gio.TlsAuthenticationMode.NONE;
+			}
+			if (this._tlsOptions.rejectUnauthorized === false) {
+				tlsConn.connect("accept-certificate", () => true);
+			}
+			if (this._tlsOptions.ALPNProtocols && this._tlsOptions.ALPNProtocols.length > 0) {
+				try {
+					tlsConn.set_advertised_protocols(this._tlsOptions.ALPNProtocols);
+				} catch {}
+			}
+			const cancellable = new Gio.Cancellable();
+			tlsConn.handshake_async(GLib.PRIORITY_DEFAULT, cancellable, (_source, asyncResult) => {
+				try {
+					tlsConn.handshake_finish(asyncResult);
+					const tlsSocket = new TLSSocket();
+					tlsSocket.encrypted = true;
+					tlsSocket.authorized = true;
+					tlsSocket._setupTlsStreams(tlsConn);
+					tlsSocket.alpnProtocol = tlsSocket.getAlpnProtocol();
+					tlsSocket._startReading();
+					this.emit("secureConnection", tlsSocket);
+				} catch (err) {
+					const nodeErr = createNodeError(err, "handshake", {});
+					this.emit("tlsClientError", nodeErr, socket);
+					socket.destroy();
+				}
+			});
+		} catch (err) {
+			const nodeErr = createNodeError(err, "tls_wrap", {});
+			this.emit("tlsClientError", nodeErr, socket);
+			socket.destroy();
+		}
+	}
+};
 function createServer(optionsOrListener, secureConnectionListener) {
-  if (typeof optionsOrListener === "function") {
-    return new TLSServer(void 0, optionsOrListener);
-  }
-  return new TLSServer(optionsOrListener, secureConnectionListener);
+	if (typeof optionsOrListener === "function") {
+		return new TLSServer(undefined, optionsOrListener);
+	}
+	return new TLSServer(optionsOrListener, secureConnectionListener);
 }
-var index_default = {
-  TLSSocket,
-  TLSServer,
-  Server: TLSServer,
-  connect,
-  createServer,
-  createSecureContext,
-  checkServerIdentity,
-  getCiphers,
-  rootCertificates,
-  DEFAULT_MIN_VERSION,
-  DEFAULT_MAX_VERSION,
-  DEFAULT_CIPHERS
-};
-export {
-  DEFAULT_CIPHERS,
-  DEFAULT_MAX_VERSION,
-  DEFAULT_MIN_VERSION,
-  TLSServer as Server,
-  TLSServer,
-  TLSSocket,
-  checkServerIdentity,
-  connect,
-  createSecureContext,
-  createServer,
-  index_default as default,
-  getCiphers,
-  rootCertificates
+var src_default = {
+	TLSSocket,
+	TLSServer,
+	Server: TLSServer,
+	connect,
+	createServer,
+	createSecureContext,
+	checkServerIdentity,
+	getCiphers,
+	rootCertificates,
+	DEFAULT_MIN_VERSION,
+	DEFAULT_MAX_VERSION,
+	DEFAULT_CIPHERS
 };
+
+//#endregion
+export { DEFAULT_CIPHERS, DEFAULT_MAX_VERSION, DEFAULT_MIN_VERSION, TLSServer as Server, TLSServer, TLSSocket, checkServerIdentity, connect, createSecureContext, createServer, src_default as default, getCiphers, rootCertificates };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@gjsify/tls",
-  "version": "0.3.13",
+  "version": "0.3.15",
   "description": "Node.js tls module for Gjs",
   "type": "module",
   "module": "lib/esm/index.js",
@@ -30,15 +30,15 @@
     "tls"
   ],
   "devDependencies": {
-    "@gjsify/cli": "^0.3.13",
-    "@gjsify/unit": "^0.3.13",
+    "@gjsify/cli": "^0.3.15",
+    "@gjsify/unit": "^0.3.15",
     "@types/node": "^25.6.0",
     "typescript": "^6.0.3"
   },
   "dependencies": {
-    "@girs/gio-2.0": "^2.88.0-4.0.0-rc.9",
-    "@girs/glib-2.0": "^2.88.0-4.0.0-rc.9",
-    "@gjsify/net": "^0.3.13",
-    "@gjsify/utils": "^0.3.13"
+    "@girs/gio-2.0": "2.88.0-4.0.0-rc.9",
+    "@girs/glib-2.0": "2.88.0-4.0.0-rc.9",
+    "@gjsify/net": "^0.3.15",
+    "@gjsify/utils": "^0.3.15"
   }
 }