micropelago/domani
3
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fixed crash on unknown cert

Browse Source
This commit is contained in:
Brian Picciano 2023-05-23 12:15:06 +02:00
parent 08b35f6b21
commit f7107de96b
2 changed files with 17 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
src/domain/acme/store.rs
View File

@ -197,7 +197,10 @@ impl rustls::server::ResolvesServerCert for BoxedFSStore {
let domain = client_hello.server_name()?; let domain = client_hello.server_name()?;
match self.get_certificate(domain) { match self.get_certificate(domain) {
Err(GetCertificateError::NotFound) => Ok(None), Err(GetCertificateError::NotFound) => {
println!("No cert found for domain {domain}");
Ok(None)
}
Err(GetCertificateError::Unexpected(err)) => Err(err), Err(GetCertificateError::Unexpected(err)) => Err(err),
Ok((key, cert)) => { Ok((key, cert)) => {
match rustls::sign::any_supported_type(&key.into()).map_unexpected() { match rustls::sign::any_supported_type(&key.into()).map_unexpected() {

20
src/main.rs
View File

@ -9,9 +9,8 @@ use tokio::time;
use std::convert::Infallible; use std::convert::Infallible;
use std::net::SocketAddr; use std::net::SocketAddr;
use std::path;
use std::str::FromStr; use std::str::FromStr;
use std::sync; use std::{future, path, sync};
use domiply::domain::acme::manager::Manager as AcmeManager; use domiply::domain::acme::manager::Manager as AcmeManager;
use domiply::domain::manager::Manager; use domiply::domain::manager::Manager;
@ -298,10 +297,7 @@ async fn main() {
let canceller = canceller.clone(); let canceller = canceller.clone();
let server_config: tokio_rustls::TlsAcceptor = sync::Arc::new( let server_config: tokio_rustls::TlsAcceptor = sync::Arc::new(
rustls::server::ServerConfig::builder() rustls::server::ServerConfig::builder()
.with_safe_default_cipher_suites() .with_safe_defaults()
.with_safe_default_kx_groups()
.with_safe_default_protocol_versions()
.unwrap()
.with_no_client_auth() .with_no_client_auth()
.with_cert_resolver(sync::Arc::from(https_params.domain_acme_store)), .with_cert_resolver(sync::Arc::from(https_params.domain_acme_store)),
) )
@ -311,7 +307,17 @@ async fn main() {
let addr_incoming = hyper::server::conn::AddrIncoming::bind(&addr) let addr_incoming = hyper::server::conn::AddrIncoming::bind(&addr)
.expect("https listen socket created"); .expect("https listen socket created");
let incoming = tls_listener::TlsListener::new(server_config, addr_incoming); let incoming =
tls_listener::TlsListener::new(server_config, addr_incoming).filter(|conn| {
if let Err(err) = conn {
println!("Error accepting TLS connection: {:?}", err);
future::ready(false)
} else {
future::ready(true)
}
});
let incoming = hyper::server::accept::from_stream(incoming);
println!( println!(
"Listening on https://{}:{}", "Listening on https://{}:{}",