From 7f20870e0fc7b938d2b43ef71ab605c87060c988 Mon Sep 17 00:00:00 2001
From: Rob Ede
Date: Tue, 6 Feb 2024 02:55:39 +0000
Subject: [PATCH] chore(cert-watch): better error handling
---
Cargo.lock | 2 +-
https-tls/cert-watch/README.md | 4 +++-
https-tls/cert-watch/src/main.rs | 19 +++++++------------
3 files changed, 11 insertions(+), 14 deletions(-)
diff --git a/Cargo.lock b/Cargo.lock
index 5515e46..27097f1 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -1990,7 +1990,7 @@ dependencies = [
 "parking_lot 0.12.1",
 "rustls 0.21.10",
 "rustls-pemfile",
- "tokio 1.35.1",
+ "tokio 1.36.0",
 ]
 [[package]]
diff --git a/https-tls/cert-watch/README.md b/https-tls/cert-watch/README.md
index f2452e9..6ff3ae2 100644
--- a/https-tls/cert-watch/README.md
+++ b/https-tls/cert-watch/README.md
@@ -32,7 +32,9 @@ $ touch cert.pem
 ### Client
+- [HTTPie]: `http --verify=no :8443`
 - cURL: `curl -v --insecure https://127.0.0.1:8443`
- Browser: go to
+- Browser: navigate to
 [`mkcert`]: https://github.com/FiloSottile/mkcert
+[httpie]: https://httpie.io/cli
diff --git a/https-tls/cert-watch/src/main.rs b/https-tls/cert-watch/src/main.rs
index a686bfe..8d18582 100644
--- a/https-tls/cert-watch/src/main.rs
+++ b/https-tls/cert-watch/src/main.rs
@@ -54,7 +54,7 @@ async fn main() -> eyre::Result<()> {
 // loop reloads on TLS changes and exits on normal ctrl-c (etc.) signals
 loop {
 // load TLS cert/key files and
- let config = load_rustls_config();
+ let config = load_rustls_config()?;
 log::info!("starting HTTPS server at https://localhost:8443");
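Review bot: In the `main.rs` hunk at `@@ -54,7`, `load_rustls_config()?` sits inside the reload loop, so a certificate or key that is unreadable or only partly written when a change is picked up ends the whole process, much as the old `unwrap()` did. For a hot-reload path it is safer to keep serving with the last good configuration and treat only the first load as fatal. The loop body continues outside the hunk, so the restructuring is described rather than shown: load once with `?` before the loop, and on later iterations handle `Err` with `log::error!` and wait for the next change. At minimum, attach context so the exit is diagnosable: `let config = load_rustls_config().wrap_err("failed to load TLS config")?;` (needs `eyre::WrapErr` in scope).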
@@ -97,24 +97,19 @@ async fn main() -> eyre::Result<()> {
 Ok(())
 }
-fn load_rustls_config() -> rustls::ServerConfig {
+fn load_rustls_config() -> eyre::Result {
 // init server config builder with safe defaults
 let config = ServerConfig::builder()
 .with_safe_defaults()
 .with_no_client_auth();
 // load TLS key/cert files
- let cert_file = &mut BufReader::new(File::open("cert.pem").unwrap());
- let key_file = &mut BufReader::new(File::open("key.pem").unwrap());
+ let cert_file = &mut BufReader::new(File::open("cert.pem")?);
+ let key_file = &mut BufReader::new(File::open("key.pem")?);
 // convert files to key/cert objects
- let cert_chain = certs(cert_file)
- .unwrap()
- .into_iter()
- .map(Certificate)
- .collect();
- let mut keys: Vec = pkcs8_private_keys(key_file)
- .unwrap()
+ let cert_chain = certs(cert_file)?.into_iter().map(Certificate).collect();
+ let mut keys: Vec = pkcs8_private_keys(key_file)?
 .into_iter()
 .map(PrivateKey)
 .collect();
@@ -125,5 +120,5 @@ fn load_rustls_config() -> rustls::ServerConfig {
 std::process::exit(1);
 }
- config.with_single_cert(cert_chain, keys.remove(0)).unwrap()
+ Ok(config.with_single_cert(cert_chain, keys.remove(0))?)
 }
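Review bot: The `?` conversions in `load_rustls_config` (the `@@ -97,24` hunk) lose track of which input failed: an `io::Error` from `File::open("cert.pem")?` reads the same as one from `File::open("key.pem")?`, and the two PEM parse calls are equally indistinguishable. Adding context that names only the file keeps the report actionable, e.g. `File::open("key.pem").wrap_err("failed to open key.pem")?` and `pkcs8_private_keys(key_file).wrap_err("failed to parse key.pem as PKCS#8")?`, with `eyre::WrapErr` imported. A doc comment on the function would also help, stating that it reads `cert.pem` and `key.pem` relative to the working directory and now returns an error instead of panicking.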
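Review bot: The `std::process::exit(1);` shown as context at the top of the `@@ -125,5` hunk is now the one failure path in `load_rustls_config` that bypasses the new `eyre::Result` return. The condition guarding it lies outside the hunk, but it presumably covers an empty `keys` vector ahead of `keys.remove(0)`, which would otherwise panic. Because the function is called from the reload loop, exiting here stops the server without returning through `main`; returning an error keeps every failure on one path, e.g. `eyre::bail!("no PKCS#8 private key found in key.pem");`.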