rafaelcaricio/relay
1
0
Fork 0
forked from mirrors/relay
Code Pull requests Activity

Add more logging around TLS config issues

Browse source
This commit is contained in:
asonix 2022-11-20 22:46:20 -06:00
parent 73cc4862d9
commit 205e794b9e
1 changed files with 25 additions and 11 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

36
src/config.rs
View file

@ -143,9 +143,18 @@ impl Config {
let scheme = if config.https { "https" } else { "http" }; let scheme = if config.https { "https" } else { "http" };
let base_uri = iri!(format!("{}://{}", scheme, config.hostname)).into_absolute(); let base_uri = iri!(format!("{}://{}", scheme, config.hostname)).into_absolute();
let tls = config let tls = match (config.tls_key, config.tls_cert) {
.tls_key (Some(key), Some(cert)) => Some(TlsConfig { key, cert }),
.and_then(|key| config.tls_cert.map(|cert| TlsConfig { key, cert })); (Some(_), None) => {
tracing::warn!("TLS_KEY is set but TLS_CERT isn't , not building TLS config");
None
}
(None, Some(_)) => {
tracing::warn!("TLS_CERT is set but TLS_KEY isn't , not building TLS config");
None
}
(None, None) => None,
};
Ok(Config { Ok(Config {
hostname: config.hostname, hostname: config.hostname,
@ -170,6 +179,7 @@ impl Config {
let tls = if let Some(tls) = &self.tls { let tls = if let Some(tls) = &self.tls {
tls tls
} else { } else {
tracing::warn!("No TLS config present");
return Ok(None); return Ok(None);
}; };
@ -177,18 +187,22 @@ impl Config {
let certs = rustls_pemfile::certs(&mut certs_reader)?; let certs = rustls_pemfile::certs(&mut certs_reader)?;
let mut key_reader = BufReader::new(std::fs::File::open(&tls.key)?); let mut key_reader = BufReader::new(std::fs::File::open(&tls.key)?);
let keys = rustls_pemfile::read_all(&mut key_reader)?; let key = rustls_pemfile::read_one(&mut key_reader)?;
let certs = certs.into_iter().map(Certificate).collect(); let certs = certs.into_iter().map(Certificate).collect();
let key = if let Some(key) = keys.into_iter().find_map(|item| match item { let key = if let Some(key) = key {
rustls_pemfile::Item::RSAKey(der) => Some(PrivateKey(der)), match key {
rustls_pemfile::Item::PKCS8Key(der) => Some(PrivateKey(der)), rustls_pemfile::Item::RSAKey(der) => PrivateKey(der),
rustls_pemfile::Item::ECKey(der) => Some(PrivateKey(der)), rustls_pemfile::Item::PKCS8Key(der) => PrivateKey(der),
_ => None, rustls_pemfile::Item::ECKey(der) => PrivateKey(der),
}) { _ => {
key tracing::warn!("Unknown key format: {:?}", key);
return Ok(None);
}
}
} else { } else {
tracing::warn!("Failed to read private key");
return Ok(None); return Ok(None);
}; };