Fix visibility issue, update rustls & several clippy warnings

cloudflare · Jul 24, 2024 · b8183bb · b8183bb
1 parent 76b6a68
commit b8183bb
Show file tree

Hide file tree

Showing 7 changed files with 18 additions and 19 deletions.
diff --git a/pingora-core/src/connectors/tls/boringssl_openssl/mod.rs b/pingora-core/src/connectors/tls/boringssl_openssl/mod.rs
@@ -182,7 +182,7 @@ where
     if let Some(ca_list) = peer.get_ca() {
         let mut store_builder = X509StoreBuilder::new().unwrap();
         for ca in &**ca_list {
-            let cert = der_to_x509(&**ca)?;
+            let cert = der_to_x509(ca)?;
             store_builder.add_cert(cert).unwrap();
         }
         ssl_set_verify_cert_store(&mut ssl_conf, &store_builder.build())
@@ -192,9 +192,9 @@ where
     // Set up client cert/key
     if let Some(key_pair) = peer.get_client_cert_key() {
         debug!("setting client cert and key");
-        let leaf = der_to_x509(&*key_pair.leaf())?;
+        let leaf = der_to_x509(key_pair.leaf())?;
         ssl_use_certificate(&mut ssl_conf, &leaf).or_err(InternalError, "invalid client cert")?;
-        let key = der_to_private_key(&*key_pair.key())?;
+        let key = der_to_private_key(key_pair.key())?;
         ssl_use_private_key(&mut ssl_conf, &key).or_err(InternalError, "invalid client key")?;
 
         let intermediates = key_pair.intermediates();

diff --git a/pingora-core/src/listeners/tls/mod.rs b/pingora-core/src/listeners/tls/mod.rs
@@ -36,7 +36,7 @@ pub mod boringssl_openssl;
 #[cfg(feature = "rustls")]
 pub(crate) mod rustls;
 
-pub(crate) struct Acceptor {
+pub struct Acceptor {
     ssl_acceptor: Box<dyn TlsAcceptor + Send + Sync>,
     callbacks: Option<TlsAcceptCallbacks>,
 }

diff --git a/pingora-core/src/protocols/http/server.rs b/pingora-core/src/protocols/http/server.rs
@@ -53,7 +53,7 @@ impl Session {
     /// else with the session.
     /// - `Ok(true)`: successful
     /// - `Ok(false)`: client exit without sending any bytes. This is normal on reused connection.
-    /// In this case the user should give up this session.
+    ///   In this case the user should give up this session.
     pub async fn read_request(&mut self) -> Result<bool> {
         match self {
             Self::H1(s) => {

diff --git a/pingora-core/src/upstreams/peer.rs b/pingora-core/src/upstreams/peer.rs
@@ -388,7 +388,7 @@ impl Display for PeerOptions {
                 write!(
                     f,
                     "CA: {}, expire: {},",
-                    get_organizational_unit(&**ca).unwrap_or_default(),
+                    get_organizational_unit(ca).unwrap_or_default(),
                     get_not_after(ca),
                 )?;
             }

diff --git a/pingora-core/src/utils/tls/boringssl_openssl/mod.rs b/pingora-core/src/utils/tls/boringssl_openssl/mod.rs
@@ -87,7 +87,7 @@ pub fn get_x509_serial(cert: &X509) -> pingora_error::Result<String> {
 }
 
 pub fn der_to_x509(ca: &[u8]) -> pingora_error::Result<X509> {
-    let cert = X509::from_der(&*ca).explain_err(InvalidCert, |e| {
+    let cert = X509::from_der(ca).explain_err(InvalidCert, |e| {
         format!(
             "Failed to convert ca certificate in DER form to X509 cert. Error: {:?}",
             e

diff --git a/pingora-rustls/Cargo.toml b/pingora-rustls/Cargo.toml
@@ -19,7 +19,7 @@ path = "src/lib.rs"
 [dependencies]
 log = "0.4.21"
 ring = "0.17.8"
-rustls = "0.23.10"
+rustls = "0.23.12"
 rustls-native-certs = "0.7.1"
 rustls-pemfile = "2.1.2"
 rustls-pki-types = "1.7.0"

diff --git a/pingora-rustls/src/lib.rs b/pingora-rustls/src/lib.rs
@@ -34,8 +34,8 @@ fn load_file(path: &String) -> BufReader<File> {
 fn load_pem_file(path: &String) -> Result<Vec<Item>, std::io::Error> {
     let iter: Vec<Item> = rustls_pemfile::read_all(&mut load_file(path))
         .filter_map(|f| {
-            if f.is_ok() {
-                Some(f.unwrap())
+            if let Ok(f) = f {
+                Some(f)
             } else {
                 let err = f.err().unwrap();
                 warn!(
@@ -103,14 +103,15 @@ pub fn load_certs_key_file<'a>(
     key: &String,
 ) -> Option<(Vec<CertificateDer<'a>>, PrivateKeyDer<'a>)> {
     let certs_file = load_pem_file(cert)
-        .expect(format!("Failed to load configured cert file located at {}.", cert).as_str());
+        .unwrap_or_else(|_| panic!("Failed to load configured cert file located at {}.", cert));
     let key_file = load_pem_file(key)
-        .expect(format!("Failed to load configured key file located at {}.", cert).as_str());
+        .unwrap_or_else(|_| panic!("Failed to load configured key file located at {}.", cert));
 
     let mut certs: Vec<CertificateDer<'a>> = vec![];
-    certs_file.into_iter().for_each(|i| match i {
-        Item::X509Certificate(cert) => certs.push(cert),
-        _ => {}
+    certs_file.into_iter().for_each(|i| {
+        if let Item::X509Certificate(cert) = i {
+            certs.push(cert)
+        }
     });
 
     let private_key = match key_file.into_iter().next()? {
@@ -145,10 +146,8 @@ pub fn load_pem_file_ca(path: &String) -> Vec<u8> {
 
 pub fn load_pem_file_private_key(path: &String) -> Vec<u8> {
     let key = rustls_pemfile::private_key(&mut load_file(path));
-    if let Ok(key) = key {
-        if let Some(key) = key {
-            return key.secret_der().to_vec();
-        }
+    if let Ok(Some(key)) = key {
+        return key.secret_der().to_vec();
     }
     Vec::new()
 }