Jun Kurihara 2023-07-10 23:01:34 +09:00
commit 145a1dc1ee
No known key found for this signature in database
GPG key ID: D992B3E3DE1DED23


@ -10,26 +10,18 @@ pub(super) fn check_client_authentication(
client_certs: Option<&[Certificate]>, client_certs: Option<&[Certificate]>,
client_ca_keyids_set_for_sni: Option<&HashSet<Vec<u8>>>, client_ca_keyids_set_for_sni: Option<&HashSet<Vec<u8>>>,
) -> std::result::Result<(), ClientCertsError> { ) -> std::result::Result<(), ClientCertsError> {
let client_ca_keyids_set = match client_ca_keyids_set_for_sni { let Some(client_ca_keyids_set) = client_ca_keyids_set_for_sni else {
Some(c) => c,
None => {
// No client cert settings for given server name // No client cert settings for given server name
return Ok(()); return Ok(());
}
}; };
let client_certs = match client_certs { let Some(client_certs) = client_certs else {
Some(c) => {
debug!("Incoming TLS client is (temporarily) authenticated via client cert");
c
}
None => {
error!("Client certificate is needed for given server name"); error!("Client certificate is needed for given server name");
return Err(ClientCertsError::ClientCertRequired( return Err(ClientCertsError::ClientCertRequired(
"Client certificate is needed for given server name".to_string(), "Client certificate is needed for given server name".to_string(),
)); ));
}
}; };
debug!("Incoming TLS client is (temporarily) authenticated via client cert");
// Check client certificate key ids // Check client certificate key ids
let mut client_certs_parsed_iter = client_certs.iter().filter_map(|d| parse_x509_certificate(&d.0).ok()); let mut client_certs_parsed_iter = client_certs.iter().filter_map(|d| parse_x509_certificate(&d.0).ok());
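Review bot: On the last line of the hunk, `filter_map(|d| parse_x509_certificate(&d.0).ok())` drops every certificate that fails to parse without logging anything, so a client rejected for a malformed certificate cannot be told apart in the logs from one rejected for an unrecognised key id. Logging the parse error before discarding it keeps the behaviour and gives operators that signal, e.g. `.filter_map(|d| parse_x509_certificate(&d.0).map_err(|e| debug!("Failed to parse client certificate: {:?}", e)).ok())`. The relocated `debug!` line also reports the client as "(temporarily) authenticated" before any key id has been compared in this function; unless an earlier verification step not shown on this page justifies it, wording such as "presented a client certificate" would be less ambiguous in logs. The body of check_client_authentication continues past the hunk, so how an empty or fully unparsable certificate list is finally handled is not visible here.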