rustls_mbedtls_provider_utils/
error.rs1use alloc::{format, sync::Arc};
2use rustls::OtherError;
3
4pub fn mbedtls_err_into_rustls_err(err: mbedtls::Error) -> rustls::Error {
6 mbedtls_err_into_rustls_err_with_error_msg(err, "")
7}
8
9pub fn mbedtls_err_into_rustls_err_with_error_msg(err: mbedtls::Error, msg: &str) -> rustls::Error {
12 match err {
13 mbedtls::Error::X509InvalidSignature | mbedtls::Error::RsaVerifyFailed => {
14 rustls::Error::InvalidCertificate(rustls::CertificateError::BadSignature)
15 }
16
17 mbedtls::Error::X509CertUnknownFormat | mbedtls::Error::X509BadInputData => {
18 rustls::Error::InvalidCertificate(rustls::CertificateError::BadEncoding)
19 }
20
21 mbedtls::Error::X509BufferTooSmall
22 | mbedtls::Error::X509CertVerifyFailed
23 | mbedtls::Error::X509FatalError
24 | mbedtls::Error::X509FeatureUnavailable
25 | mbedtls::Error::X509InvalidAlg
26 | mbedtls::Error::X509InvalidDate
27 | mbedtls::Error::X509InvalidExtensions
28 | mbedtls::Error::X509InvalidFormat
29 | mbedtls::Error::X509InvalidSerial
30 | mbedtls::Error::X509InvalidVersion
31 | mbedtls::Error::X509SigMismatch
32 | mbedtls::Error::X509UnknownOid
33 | mbedtls::Error::X509UnknownSigAlg
34 | mbedtls::Error::X509UnknownVersion => {
35 rustls::Error::InvalidCertificate(rustls::CertificateError::Other(OtherError(Arc::new(err))))
36 }
37
38 mbedtls::Error::X509InvalidName => rustls::Error::InvalidCertificate(rustls::CertificateError::NotValidForName),
39
40 _ => rustls::Error::General(format!("{err}{sep}{msg}", sep = if msg.is_empty() { "" } else { "\n" })),
41 }
42}
43
44#[cfg(test)]
45mod tests {
46 use super::*;
47 use rustls::CertificateError;
48
49 #[test]
50 fn test_mbedtls_err_into_rustls_err() {
51 assert_eq!(
52 mbedtls_err_into_rustls_err(mbedtls::Error::X509InvalidSignature),
53 rustls::Error::InvalidCertificate(CertificateError::BadSignature)
54 );
55 assert_eq!(
56 mbedtls_err_into_rustls_err(mbedtls::Error::RsaVerifyFailed),
57 rustls::Error::InvalidCertificate(CertificateError::BadSignature)
58 );
59 assert_eq!(
60 mbedtls_err_into_rustls_err(mbedtls::Error::X509BadInputData),
61 rustls::Error::InvalidCertificate(CertificateError::BadEncoding)
62 );
63 assert_eq!(
64 mbedtls_err_into_rustls_err(mbedtls::Error::X509CertUnknownFormat),
65 rustls::Error::InvalidCertificate(CertificateError::BadEncoding)
66 );
67 assert_eq!(
68 mbedtls_err_into_rustls_err(mbedtls::Error::X509InvalidName),
69 rustls::Error::InvalidCertificate(CertificateError::NotValidForName)
70 );
71 }
72
73 #[test]
74 fn test_mbedtls_err_into_rustls_err_with_error_msg() {
75 assert_eq!(
76 mbedtls_err_into_rustls_err_with_error_msg(mbedtls::Error::X509InvalidSignature, ""),
77 rustls::Error::InvalidCertificate(CertificateError::BadSignature)
78 );
79 assert_eq!(
80 mbedtls_err_into_rustls_err_with_error_msg(mbedtls::Error::CipherAuthFailed, ""),
81 rustls::Error::General(String::from("mbedTLS error CipherAuthFailed"))
82 );
83 assert_eq!(
84 mbedtls_err_into_rustls_err_with_error_msg(mbedtls::Error::RsaVerifyFailed, ""),
85 rustls::Error::InvalidCertificate(CertificateError::BadSignature)
86 );
87 assert_eq!(
88 mbedtls_err_into_rustls_err_with_error_msg(mbedtls::Error::X509InvalidName, ""),
89 rustls::Error::InvalidCertificate(CertificateError::NotValidForName)
90 );
91 assert_eq!(
92 format!(
93 "{:?}",
94 mbedtls_err_into_rustls_err_with_error_msg(mbedtls::Error::X509UnknownVersion, "")
95 ),
96 format!(
97 "{:?}",
98 rustls::Error::InvalidCertificate(CertificateError::Other(OtherError(Arc::new(
99 mbedtls::Error::X509UnknownVersion
100 ))))
101 )
102 );
103 assert_eq!(
104 format!(
105 "{:?}",
106 mbedtls_err_into_rustls_err_with_error_msg(mbedtls::Error::X509InvalidSerial, "Invalid serial number")
107 ),
108 format!(
109 "{:?}",
110 rustls::Error::InvalidCertificate(CertificateError::Other(OtherError(Arc::new(
111 mbedtls::Error::X509InvalidSerial
112 ))))
113 )
114 );
115 }
116}