asonix 2024-01-15 18:21:36 -05:00
parent 3980381106
commit fee2294901


@ -124,16 +124,16 @@ pub(crate) enum PostgresError {
#[derive(Debug, thiserror::Error)] #[derive(Debug, thiserror::Error)]
pub(crate) enum TlsError { pub(crate) enum TlsError {
#[error("Couldn't read configured certificate file")] #[error("Couldn't read configured certificate file")]
ReadCertificate(#[source] std::io::Error), Read(#[source] std::io::Error),
#[error("Couldn't parse configured certificate file: {0:?}")] #[error("Couldn't parse configured certificate file: {0:?}")]
ParseCertificate(rustls_pemfile::Error), Parse(rustls_pemfile::Error),
#[error("Configured certificate file is not a certificate")] #[error("Configured certificate file is not a certificate")]
NotCertificate, Invalid,
#[error("Couldn't add certificate to root store")] #[error("Couldn't add certificate to root store")]
AddCertificate(#[source] rustls::Error), Add(#[source] rustls::Error),
} }
impl PostgresError { impl PostgresError {
@ -176,19 +176,18 @@ async fn build_tls_connector(
if let Some(certificate_file) = certificate_file { if let Some(certificate_file) = certificate_file {
let bytes = tokio::fs::read(certificate_file) let bytes = tokio::fs::read(certificate_file)
.await .await
.map_err(TlsError::ReadCertificate)?; .map_err(TlsError::Read)?;
let opt = let opt = rustls_pemfile::read_one_from_slice(&bytes).map_err(TlsError::Parse)?;
rustls_pemfile::read_one_from_slice(&bytes).map_err(TlsError::ParseCertificate)?; let (item, _remainder) = opt.ok_or(TlsError::Invalid)?;
let (item, _remainder) = opt.ok_or(TlsError::NotCertificate)?;
let cert = if let rustls_pemfile::Item::X509Certificate(cert) = item { let cert = if let rustls_pemfile::Item::X509Certificate(cert) = item {
cert cert
} else { } else {
return Err(TlsError::NotCertificate); return Err(TlsError::Invalid);
}; };
cert_store.add(cert).map_err(TlsError::AddCertificate)?; cert_store.add(cert).map_err(TlsError::Add)?;
} }
let config = rustls::ClientConfig::builder() let config = rustls::ClientConfig::builder()
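Review bot: Only the first PEM item of the configured certificate file ever reaches the root store, because `read_one_from_slice` returns `(item, _remainder)` and the remainder is dropped unexamined in the `if let Some(certificate_file)` block. A CA bundle holding several certificates is therefore loaded only partially, with no error or log line to tell the operator. The renamed `TlsError::Invalid` now covers both an empty file (`opt` is `None`) and a non-certificate first item, while its message still reads "Configured certificate file is not a certificate". I would document the limitation at the call site, e.g. `// Only the first PEM block is trusted; any further items in the file are ignored`, or reject a non-empty remainder so a misconfigured bundle fails loudly. build_tls_connector starts and ends outside the hunk, so whether a caller validates the file beforehand cannot be seen here.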