Fixed crash on unknown cert
parent
08b35f6b21
commit
f7107de96b
@ -197,7 +197,10 @@ impl rustls::server::ResolvesServerCert for BoxedFSStore {
|
|||||||
let domain = client_hello.server_name()?;
|
let domain = client_hello.server_name()?;
|
||||||
|
|
||||||
match self.get_certificate(domain) {
|
match self.get_certificate(domain) {
|
||||||
Err(GetCertificateError::NotFound) => Ok(None),
|
Err(GetCertificateError::NotFound) => {
|
||||||
|
println!("No cert found for domain {domain}");
|
||||||
|
Ok(None)
|
||||||
|
}
|
||||||
Err(GetCertificateError::Unexpected(err)) => Err(err),
|
Err(GetCertificateError::Unexpected(err)) => Err(err),
|
||||||
Ok((key, cert)) => {
|
Ok((key, cert)) => {
|
||||||
match rustls::sign::any_supported_type(&key.into()).map_unexpected() {
|
match rustls::sign::any_supported_type(&key.into()).map_unexpected() {
|
||||||
|
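Review bot: The `println!` added to the `NotFound` arm runs once per handshake whose SNI name has no stored certificate, and `domain` comes straight from `client_hello.server_name()`, so any unauthenticated peer that can reach the listener controls how often this line is written and which name appears in it. I would put it behind a rate limit, or a debug-level log call if the crate has a logger (none is visible in this hunk). At minimum, mark the trust boundary with a comment such as `// SNI is client-supplied and unauthenticated: keep this log bounded`. Assuming the value's type implements `Debug`, printing it as `{domain:?}` instead of `{domain}` would also keep it quoted and escaped in the log line. The enclosing function starts and ends outside the hunk.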
20
src/main.rs
20
src/main.rs
@ -9,9 +9,8 @@ use tokio::time;
|
|||||||
|
|
||||||
use std::convert::Infallible;
|
use std::convert::Infallible;
|
||||||
use std::net::SocketAddr;
|
use std::net::SocketAddr;
|
||||||
use std::path;
|
|
||||||
use std::str::FromStr;
|
use std::str::FromStr;
|
||||||
use std::sync;
|
use std::{future, path, sync};
|
||||||
|
|
||||||
use domiply::domain::acme::manager::Manager as AcmeManager;
|
use domiply::domain::acme::manager::Manager as AcmeManager;
|
||||||
use domiply::domain::manager::Manager;
|
use domiply::domain::manager::Manager;
|
||||||
@ -298,10 +297,7 @@ async fn main() {
|
|||||||
let canceller = canceller.clone();
|
let canceller = canceller.clone();
|
||||||
let server_config: tokio_rustls::TlsAcceptor = sync::Arc::new(
|
let server_config: tokio_rustls::TlsAcceptor = sync::Arc::new(
|
||||||
rustls::server::ServerConfig::builder()
|
rustls::server::ServerConfig::builder()
|
||||||
.with_safe_default_cipher_suites()
|
.with_safe_defaults()
|
||||||
.with_safe_default_kx_groups()
|
|
||||||
.with_safe_default_protocol_versions()
|
|
||||||
.unwrap()
|
|
||||||
.with_no_client_auth()
|
.with_no_client_auth()
|
||||||
.with_cert_resolver(sync::Arc::from(https_params.domain_acme_store)),
|
.with_cert_resolver(sync::Arc::from(https_params.domain_acme_store)),
|
||||||
)
|
)
|
||||||
@ -311,7 +307,17 @@ async fn main() {
|
|||||||
let addr_incoming = hyper::server::conn::AddrIncoming::bind(&addr)
|
let addr_incoming = hyper::server::conn::AddrIncoming::bind(&addr)
|
||||||
.expect("https listen socket created");
|
.expect("https listen socket created");
|
||||||
|
|
||||||
let incoming = tls_listener::TlsListener::new(server_config, addr_incoming);
|
let incoming =
|
||||||
|
tls_listener::TlsListener::new(server_config, addr_incoming).filter(|conn| {
|
||||||
|
if let Err(err) = conn {
|
||||||
|
println!("Error accepting TLS connection: {:?}", err);
|
||||||
|
future::ready(false)
|
||||||
|
} else {
|
||||||
|
future::ready(true)
|
||||||
|
}
|
||||||
|
});
|
||||||
|
|
||||||
|
let incoming = hyper::server::accept::from_stream(incoming);
|
||||||
|
|
||||||
println!(
|
println!(
|
||||||
"Listening on https://{}:{}",
|
"Listening on https://{}:{}",
|
||||||
|
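Review bot: In the last hunk the new `.filter(...)` on the `TlsListener` stream prints one line per rejected connection and then discards it, so every failed handshake from an unauthenticated peer produces stdout output with no bound and no peer address to attribute it to. The closure also treats every `Err` alike; if the stream's error type covers listener-level accept failures as well as handshake failures (it appears to, but the type is not visible here), a local resource problem would be logged the same way as a scanner and otherwise ignored. I would state the intent above the filter, e.g. `// Drop failed accepts so one bad handshake cannot end the accept loop; errors are only logged`, and rate-limit or count the message rather than printing each occurrence. `main` starts and ends outside the hunk.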