fix(miniflare): parse pem file with regex (#9089)

Author: edmundhung

.changeset/soft-wasps-beg.md

@@ -0,0 +1,5 @@
+---
+"miniflare": patch
+---
+
+fix: skip comment lines when parsing `NODE_EXTRA_CA_CERTS`

packages/miniflare/src/plugins/core/index.ts

@@ -84,9 +84,12 @@ if (process.env.NODE_EXTRA_CA_CERTS !== undefined) {
 		const extra = readFileSync(process.env.NODE_EXTRA_CA_CERTS, "utf8");
 		// Split bundle into individual certificates and add each individually:
 		// https://github.com/cloudflare/miniflare/pull/587/files#r1271579671
-		const pemBegin = "-----BEGIN";
-		for (const cert of extra.split(pemBegin)) {
-			if (cert.trim() !== "") trustedCertificates.push(pemBegin + cert);
+		const certs = extra.match(
+			/-----BEGIN CERTIFICATE-----[\s\S]+?-----END CERTIFICATE-----/g
+		);
+
+		if (certs !== null) {
+			trustedCertificates.push(...certs);
 		}
 	} catch {}
 }

packages/miniflare/test/plugins/core/index.spec.ts

@@ -48,7 +48,12 @@ opensslTest("NODE_EXTRA_CA_CERTS: loads certificates", async (t) => {
 	// (see https://github.com/cloudflare/miniflare/pull/587/files#r1271579671)
 	const caCertsPath = path.join(tmp, "bundle.pem");
 	const caCerts = [...tls.rootCertificates, cert];
-	await fs.writeFile(caCertsPath, caCerts.join("\n"));
+	await fs.writeFile(
+		caCertsPath,
+		["## This is a comment which should be ignored\n"].concat(
+			caCerts.join("\n")
+		)
+	);
 
 	// Start Miniflare with NODE_EXTRA_CA_CERTS environment variable
 	// (cannot use sync process methods here as that would block HTTPS server)