cloudiful_server/core/
tls.rs

1use std::{fs::File, io::BufReader};
2
3use crate::core::{
4    ValidatedServerConfig,
5    error::{ServerError, TlsConfigLoadError},
6};
7
8pub fn load_tls_config<U>(
9    config: &ValidatedServerConfig<U>,
10) -> Result<Option<rustls::ServerConfig>, ServerError> {
11    let Some(tls) = config.tls.as_ref() else {
12        return Ok(None);
13    };
14
15    let _ = rustls::crypto::aws_lc_rs::default_provider().install_default();
16
17    let mut cert_file = BufReader::new(File::open(&tls.cert_path).map_err(|source| {
18        ServerError::Tls(TlsConfigLoadError::OpenCertificate {
19            path: tls.cert_path.clone(),
20            source,
21        })
22    })?);
23
24    let mut key_file = BufReader::new(File::open(&tls.cert_key_path).map_err(|source| {
25        ServerError::Tls(TlsConfigLoadError::OpenPrivateKey {
26            path: tls.cert_key_path.clone(),
27            source,
28        })
29    })?);
30
31    let tls_certs = rustls_pemfile::certs(&mut cert_file)
32        .collect::<Result<Vec<_>, _>>()
33        .map_err(|source| {
34            ServerError::Tls(TlsConfigLoadError::ReadCertificates {
35                path: tls.cert_path.clone(),
36                source,
37            })
38        })?;
39
40    let tls_key = rustls_pemfile::private_key(&mut key_file)
41        .map_err(|source| {
42            ServerError::Tls(TlsConfigLoadError::ReadPrivateKey {
43                path: tls.cert_key_path.clone(),
44                source,
45            })
46        })?
47        .ok_or_else(|| {
48            ServerError::Tls(TlsConfigLoadError::MissingPrivateKey {
49                path: tls.cert_key_path.clone(),
50            })
51        })?;
52
53    rustls::ServerConfig::builder()
54        .with_no_client_auth()
55        .with_single_cert(tls_certs, tls_key)
56        .map(Some)
57        .map_err(|source| ServerError::Tls(TlsConfigLoadError::InvalidConfig { source }))
58}
cloudiful_server/core/tls.rs

cloudiful_server/core/
tls.rs
