Fixed crash on unknown cert
parent
08b35f6b21
commit
f7107de96b
@ -197,7 +197,10 @@ impl rustls::server::ResolvesServerCert for BoxedFSStore {
|
||||
let domain = client_hello.server_name()?;
|
||||
|
||||
match self.get_certificate(domain) {
|
||||
Err(GetCertificateError::NotFound) => Ok(None),
|
||||
Err(GetCertificateError::NotFound) => {
|
||||
println!("No cert found for domain {domain}");
|
||||
Ok(None)
|
||||
}
|
||||
Err(GetCertificateError::Unexpected(err)) => Err(err),
|
||||
Ok((key, cert)) => {
|
||||
match rustls::sign::any_supported_type(&key.into()).map_unexpected() {
|
||||
|
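Review bot: The new `GetCertificateError::NotFound` arm calls `println!` with the client-supplied SNI name on every handshake for an unknown domain, so any unauthenticated client can cause unbounded, unthrottled writes to stdout by cycling server names. The same applies to the `println!("Error accepting TLS connection: {:?}", err)` in the `filter` closure this commit adds in src/main.rs. Both messages would be better rate-limited or sent through a levelled logger, for example `log::debug!("no cert found for domain {domain}")` if the `log` crate is already a dependency (not visible here), and a counter is more useful than a line per event for spotting scanning. The enclosing function starts and ends outside this hunk.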
20
src/main.rs
20
src/main.rs
@ -9,9 +9,8 @@ use tokio::time;
|
||||
|
||||
use std::convert::Infallible;
|
||||
use std::net::SocketAddr;
|
||||
use std::path;
|
||||
use std::str::FromStr;
|
||||
use std::sync;
|
||||
use std::{future, path, sync};
|
||||
|
||||
use domiply::domain::acme::manager::Manager as AcmeManager;
|
||||
use domiply::domain::manager::Manager;
|
||||
@ -298,10 +297,7 @@ async fn main() {
|
||||
let canceller = canceller.clone();
|
||||
let server_config: tokio_rustls::TlsAcceptor = sync::Arc::new(
|
||||
rustls::server::ServerConfig::builder()
|
||||
.with_safe_default_cipher_suites()
|
||||
.with_safe_default_kx_groups()
|
||||
.with_safe_default_protocol_versions()
|
||||
.unwrap()
|
||||
.with_safe_defaults()
|
||||
.with_no_client_auth()
|
||||
.with_cert_resolver(sync::Arc::from(https_params.domain_acme_store)),
|
||||
)
|
||||
@ -311,7 +307,17 @@ async fn main() {
|
||||
let addr_incoming = hyper::server::conn::AddrIncoming::bind(&addr)
|
||||
.expect("https listen socket created");
|
||||
|
||||
let incoming = tls_listener::TlsListener::new(server_config, addr_incoming);
|
||||
let incoming =
|
||||
tls_listener::TlsListener::new(server_config, addr_incoming).filter(|conn| {
|
||||
if let Err(err) = conn {
|
||||
println!("Error accepting TLS connection: {:?}", err);
|
||||
future::ready(false)
|
||||
} else {
|
||||
future::ready(true)
|
||||
}
|
||||
});
|
||||
|
||||
let incoming = hyper::server::accept::from_stream(incoming);
|
||||
|
||||
println!(
|
||||
"Listening on https://{}:{}",
|
||||
|
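Review bot: The `filter` closure added around `tls_listener::TlsListener::new(server_config, addr_incoming)` drops every `Err` the same way, so a failure of the listening socket itself is handled exactly like a client that aborted its handshake, and the server would keep running with nothing but a stdout line to show for it. If the `tls_listener` error type separates accept failures from handshake failures (worth checking for the version in use), match on it and drop only the per-connection ones while surfacing listener failures. The `if`/`else` can also be reduced to logging in the `if let Err(err) = conn { … }` and then returning `future::ready(conn.is_ok())`. `main` starts and ends outside these hunks.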