From 5c259db0a5304f5aa7e10dfba1e5c238cae1dc5f Mon Sep 17 00:00:00 2001
From: Yusuke Tanaka <wing0920@gmail.com>
Date: Wed, 24 Dec 2025 00:42:06 +0900
Subject: [PATCH] Add DENO_CERT environment variable for Deno TLS support

Deno uses DENO_CERT instead of standard SSL_CERT_FILE to specify
custom CA certificates. Without this, Deno programs fail with
certificate errors when running under httpjail.
---
 docs/advanced/tls-interception.md | 1 +
 docs/guide/platform-support.md    | 1 +
 src/tls.rs                        | 4 +++-
 3 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/docs/advanced/tls-interception.md b/docs/advanced/tls-interception.md
index e4a37f61..7daffaa5 100644
--- a/docs/advanced/tls-interception.md
+++ b/docs/advanced/tls-interception.md
@@ -21,6 +21,7 @@ httpjail sets these environment variables for the child process:
 - `CURL_CA_BUNDLE` - curl
 - `REQUESTS_CA_BUNDLE` - Python requests
 - `NODE_EXTRA_CA_CERTS` - Node.js
+- `DENO_CERT` - Deno
 - `CARGO_HTTP_CAINFO` - Cargo
 - `GIT_SSL_CAINFO` - Git
 
diff --git a/docs/guide/platform-support.md b/docs/guide/platform-support.md
index 85cfe24f..84a055a7 100644
--- a/docs/guide/platform-support.md
+++ b/docs/guide/platform-support.md
@@ -138,5 +138,6 @@ httpjail sets these variables for the child process to trust the CA certificate:
 - `CURL_CA_BUNDLE` - curl
 - `REQUESTS_CA_BUNDLE` - Python requests
 - `NODE_EXTRA_CA_CERTS` - Node.js
+- `DENO_CERT` - Deno
 - `CARGO_HTTP_CAINFO` - Cargo
 - `GIT_SSL_CAINFO` - Git
diff --git a/src/tls.rs b/src/tls.rs
index 98efa171..c5ed8f1b 100644
--- a/src/tls.rs
+++ b/src/tls.rs
@@ -365,7 +365,9 @@ impl CertificateManager {
             // Python requests
             ("REQUESTS_CA_BUNDLE".to_string(), ca_path_str.clone()),
             // Node.js
-            ("NODE_EXTRA_CA_CERTS".to_string(), ca_path_str),
+            ("NODE_EXTRA_CA_CERTS".to_string(), ca_path_str.clone()),
+            // Deno
+            ("DENO_CERT".to_string(), ca_path_str),
         ];
 
         Ok(env_vars)