mirror of https://github.com/actix/examples synced 2025-02-17 15:23:31 +01:00

chore(cert-watch): better error handling

Rob Ede 2024-02-06 02:55:39 +00:00
parent 183c924220
commit 7f20870e0f
No known key found for this signature in database
GPG Key ID: 97C636207D3EF933
3 changed files with 11 additions and 14 deletions

2
Cargo.lock generated

@ -1990,7 +1990,7 @@ dependencies = [
"parking_lot 0.12.1", "parking_lot 0.12.1",
"rustls 0.21.10", "rustls 0.21.10",
"rustls-pemfile", "rustls-pemfile",
"tokio 1.35.1", "tokio 1.36.0",
] ]
[[package]] [[package]]


@ -32,7 +32,9 @@ $ touch cert.pem
### Client ### Client
- [HTTPie]: `http --verify=no :8443`
- cURL: `curl -v --insecure https://127.0.0.1:8443` - cURL: `curl -v --insecure https://127.0.0.1:8443`
- Browser: go to <https://127.0.0.1:8443> - Browser: navigate to <https://127.0.0.1:8443>
[`mkcert`]: https://github.com/FiloSottile/mkcert [`mkcert`]: https://github.com/FiloSottile/mkcert
[httpie]: https://httpie.io/cli


@ -54,7 +54,7 @@ async fn main() -> eyre::Result<()> {
// loop reloads on TLS changes and exits on normal ctrl-c (etc.) signals // loop reloads on TLS changes and exits on normal ctrl-c (etc.) signals
loop { loop {
// load TLS cert/key files and // load TLS cert/key files and
let config = load_rustls_config(); let config = load_rustls_config()?;
log::info!("starting HTTPS server at https://localhost:8443"); log::info!("starting HTTPS server at https://localhost:8443");
@ -97,24 +97,19 @@ async fn main() -> eyre::Result<()> {
Ok(()) Ok(())
} }
fn load_rustls_config() -> rustls::ServerConfig { fn load_rustls_config() -> eyre::Result<rustls::ServerConfig> {
// init server config builder with safe defaults // init server config builder with safe defaults
let config = ServerConfig::builder() let config = ServerConfig::builder()
.with_safe_defaults() .with_safe_defaults()
.with_no_client_auth(); .with_no_client_auth();
// load TLS key/cert files // load TLS key/cert files
let cert_file = &mut BufReader::new(File::open("cert.pem").unwrap()); let cert_file = &mut BufReader::new(File::open("cert.pem")?);
let key_file = &mut BufReader::new(File::open("key.pem").unwrap()); let key_file = &mut BufReader::new(File::open("key.pem")?);
// convert files to key/cert objects // convert files to key/cert objects
let cert_chain = certs(cert_file) let cert_chain = certs(cert_file)?.into_iter().map(Certificate).collect();
.unwrap() let mut keys: Vec<PrivateKey> = pkcs8_private_keys(key_file)?
.into_iter()
.map(Certificate)
.collect();
let mut keys: Vec<PrivateKey> = pkcs8_private_keys(key_file)
.unwrap()
.into_iter() .into_iter()
.map(PrivateKey) .map(PrivateKey)
.collect(); .collect();
@ -125,5 +120,5 @@ fn load_rustls_config() -> rustls::ServerConfig {
std::process::exit(1); std::process::exit(1);
} }
config.with_single_cert(cert_chain, keys.remove(0)).unwrap() Ok(config.with_single_cert(cert_chain, keys.remove(0))?)
} }
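Review bot: The `std::process::exit(1);` left as context in the last hunk still terminates the process from inside `load_rustls_config`, so that one failure path bypasses the `eyre::Result` the function now returns and `main` never sees it. The branch condition is outside the hunk (presumably the empty-key-list check guarding `keys.remove(0)`); returning an error there instead, e.g. `eyre::bail!("no PKCS#8 private key found in key.pem");`, would send every load failure through the same path. Because `load_rustls_config()?` is called inside the reload loop, any such error also ends the server, so a certificate or key file that is briefly missing or half-written during rotation would stop HTTPS service; logging the error and retrying the load may be the better behaviour, if the loop body outside these hunks allows it. The two `File::open(...)?` calls would also benefit from context such as `.wrap_err("failed to open cert.pem")`, so that the error report names the file that failed.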