tuxmain/rust-rpxy
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

refactor

Browse source
This commit is contained in:
Jun Kurihara 2023-07-10 23:01:34 +09:00
commit 145a1dc1ee
No known key found for this signature in database
GPG key ID: D992B3E3DE1DED23
1 changed files with 9 additions and 17 deletions
Download patch file Download diff file Expand all files Collapse all files

26
src/proxy/proxy_client_cert.rs
View file

@ -10,26 +10,18 @@ pub(super) fn check_client_authentication(
client_certs: Option<&[Certificate]>,
client_ca_keyids_set_for_sni: Option<&HashSet<Vec<u8>>>,
) -> std::result::Result<(), ClientCertsError> {
let client_ca_keyids_set = match client_ca_keyids_set_for_sni {
Some(c) => c,
None => {
// No client cert settings for given server name
return Ok(());
}
let Some(client_ca_keyids_set) = client_ca_keyids_set_for_sni else {
// No client cert settings for given server name
return Ok(());
};
let client_certs = match client_certs {
Some(c) => {
debug!("Incoming TLS client is (temporarily) authenticated via client cert");
c
}
None => {
error!("Client certificate is needed for given server name");
return Err(ClientCertsError::ClientCertRequired(
"Client certificate is needed for given server name".to_string(),
));
}
let Some(client_certs) = client_certs else {
error!("Client certificate is needed for given server name");
return Err(ClientCertsError::ClientCertRequired(
"Client certificate is needed for given server name".to_string(),
));
};
debug!("Incoming TLS client is (temporarily) authenticated via client cert");
// Check client certificate key ids
let mut client_certs_parsed_iter = client_certs.iter().filter_map(|d| parse_x509_certificate(&d.0).ok());