From b8183bbcc3912177106f099769532f667b093146 Mon Sep 17 00:00:00 2001
From: Harald Gutmann
Date: Wed, 24 Jul 2024 19:02:04 +0200
Subject: [PATCH] Fix visibility issue, update rustls & several clippy warnings
---
 .../connectors/tls/boringssl_openssl/mod.rs | 6 +++---
 pingora-core/src/listeners/tls/mod.rs | 2 +-
 pingora-core/src/protocols/http/server.rs | 2 +-
 pingora-core/src/upstreams/peer.rs | 2 +-
 .../src/utils/tls/boringssl_openssl/mod.rs | 2 +-
 pingora-rustls/Cargo.toml | 2 +-
 pingora-rustls/src/lib.rs | 21 +++++++++----------
 7 files changed, 18 insertions(+), 19 deletions(-)
diff --git a/pingora-core/src/connectors/tls/boringssl_openssl/mod.rs b/pingora-core/src/connectors/tls/boringssl_openssl/mod.rs
index bd41a690..dd3dfc33 100644
--- a/pingora-core/src/connectors/tls/boringssl_openssl/mod.rs
+++ b/pingora-core/src/connectors/tls/boringssl_openssl/mod.rs
@@ -182,7 +182,7 @@ where
 if let Some(ca_list) = peer.get_ca() {
 let mut store_builder = X509StoreBuilder::new().unwrap();
 for ca in &**ca_list {
- let cert = der_to_x509(&**ca)?;
+ let cert = der_to_x509(ca)?;
 store_builder.add_cert(cert).unwrap();
 }
 ssl_set_verify_cert_store(&mut ssl_conf, &store_builder.build())
@@ -192,9 +192,9 @@ where
 // Set up client cert/key
 if let Some(key_pair) = peer.get_client_cert_key() {
 debug!("setting client cert and key");
- let leaf = der_to_x509(&*key_pair.leaf())?;
+ let leaf = der_to_x509(key_pair.leaf())?;
 ssl_use_certificate(&mut ssl_conf, &leaf).or_err(InternalError, "invalid client cert")?;
- let key = der_to_private_key(&*key_pair.key())?;
+ let key = der_to_private_key(key_pair.key())?;
 ssl_use_private_key(&mut ssl_conf, &key).or_err(InternalError, "invalid client key")?;
 let intermediates = key_pair.intermediates();
diff --git a/pingora-core/src/listeners/tls/mod.rs b/pingora-core/src/listeners/tls/mod.rs
index 80cb5547..0c8ac0de 100644
--- a/pingora-core/src/listeners/tls/mod.rs
+++ b/pingora-core/src/listeners/tls/mod.rs
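Review bot: In the `@@ -182` hunk of connectors/tls/boringssl_openssl/mod.rs, the lines around the changed `der_to_x509(ca)?` still call `X509StoreBuilder::new().unwrap()` and `store_builder.add_cert(cert).unwrap()`, so if either call fails for a configured CA the connector panics, while a malformed DER blob one line earlier is returned as an error. Routing both through the `or_err` helper that the client-cert code in the next hunk already uses would keep the failure on the error path, e.g. `store_builder.add_cert(cert).or_err(InternalError, "failed to add CA cert to store")?;`. The enclosing function starts and ends outside the hunk, so whether any caller depends on the panic cannot be seen here.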
@@ -36,7 +36,7 @@ pub mod boringssl_openssl;
 #[cfg(feature = "rustls")]
 pub(crate) mod rustls;
-pub(crate) struct Acceptor {
+pub struct Acceptor {
 ssl_acceptor: Box,
 callbacks: Option,
 }
diff --git a/pingora-core/src/protocols/http/server.rs b/pingora-core/src/protocols/http/server.rs
index c6479e7a..56ae2c94 100644
--- a/pingora-core/src/protocols/http/server.rs
+++ b/pingora-core/src/protocols/http/server.rs
@@ -53,7 +53,7 @@ impl Session {
 /// else with the session.
 /// - `Ok(true)`: successful
 /// - `Ok(false)`: client exit without sending any bytes. This is normal on reused connection.
- /// In this case the user should give up this session.
+ /// In this case the user should give up this session.
 pub async fn read_request(&mut self) -> Result {
 match self {
 Self::H1(s) => {
diff --git a/pingora-core/src/upstreams/peer.rs b/pingora-core/src/upstreams/peer.rs
index 848c47a9..0c60974c 100644
--- a/pingora-core/src/upstreams/peer.rs
+++ b/pingora-core/src/upstreams/peer.rs
@@ -388,7 +388,7 @@ impl Display for PeerOptions {
 write!(
 f,
 "CA: {}, expire: {},",
- get_organizational_unit(&**ca).unwrap_or_default(),
+ get_organizational_unit(ca).unwrap_or_default(),
 get_not_after(ca),
 )?;
 }
diff --git a/pingora-core/src/utils/tls/boringssl_openssl/mod.rs b/pingora-core/src/utils/tls/boringssl_openssl/mod.rs
index 9909fea9..0882cd1c 100644
--- a/pingora-core/src/utils/tls/boringssl_openssl/mod.rs
+++ b/pingora-core/src/utils/tls/boringssl_openssl/mod.rs
@@ -87,7 +87,7 @@ pub fn get_x509_serial(cert: &X509) -> pingora_error::Result {
 }
 pub fn der_to_x509(ca: &[u8]) -> pingora_error::Result {
- let cert = X509::from_der(&*ca).explain_err(InvalidCert, |e| {
+ let cert = X509::from_der(ca).explain_err(InvalidCert, |e| {
 format!(
 "Failed to convert ca certificate in DER form to X509 cert. Error: {:?}",
 e
diff --git a/pingora-rustls/Cargo.toml b/pingora-rustls/Cargo.toml
index f68d8da0..aef66661 100644
--- a/pingora-rustls/Cargo.toml
+++ b/pingora-rustls/Cargo.toml
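Review bot: `pub struct Acceptor` in listeners/tls/mod.rs enters the crate's public API without a doc comment, and neither the hunk nor the commit message says which public signature needed the wider visibility. Both fields stay private, so external code can name the type but not build or inspect it; if that is the intent, say so on the type, for example `/// TLS acceptor used by the listeners; wraps the backend acceptor and optional callbacks. Fields are intentionally private.` It is also worth confirming that `pub` rather than `pub(crate)` is really required, since the neighbouring `rustls` module stays `pub(crate)`.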
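Review bot: `der_to_x509` in utils/tls/boringssl_openssl/mod.rs names its parameter `ca` and reports "Failed to convert ca certificate…", but the connectors hunk in this same patch also calls it on `key_pair.leaf()`, so a bad client certificate is reported as a CA problem. A neutral message such as `"Failed to convert certificate in DER form to X509 cert. Error: {:?}"`, together with a parameter name like `der`, would keep the diagnostics accurate when triaging mutual-TLS failures. The function body continues past the end of the hunk.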
@@ -19,7 +19,7 @@ path = "src/lib.rs"
 [dependencies]
 log = "0.4.21"
 ring = "0.17.8"
-rustls = "0.23.10"
+rustls = "0.23.12"
 rustls-native-certs = "0.7.1"
 rustls-pemfile = "2.1.2"
 rustls-pki-types = "1.7.0"
diff --git a/pingora-rustls/src/lib.rs b/pingora-rustls/src/lib.rs
index 2f7c6ecb..e4d5de0e 100644
--- a/pingora-rustls/src/lib.rs
+++ b/pingora-rustls/src/lib.rs
@@ -34,8 +34,8 @@ fn load_file(path: &String) -> BufReader {
 fn load_pem_file(path: &String) -> Result, std::io::Error> {
 let iter: Vec = rustls_pemfile::read_all(&mut load_file(path))
 .filter_map(|f| {
- if f.is_ok() {
- Some(f.unwrap())
+ if let Ok(f) = f {
+ Some(f)
 } else {
 let err = f.err().unwrap();
 warn!(
@@ -103,14 +103,15 @@ pub fn load_certs_key_file<'a>(
 key: &String,
 ) -> Option<(Vec>, PrivateKeyDer<'a>)> {
 let certs_file = load_pem_file(cert)
- .expect(format!("Failed to load configured cert file located at {}.", cert).as_str());
+ .unwrap_or_else(|_| panic!("Failed to load configured cert file located at {}.", cert));
 let key_file = load_pem_file(key)
- .expect(format!("Failed to load configured key file located at {}.", cert).as_str());
+ .unwrap_or_else(|_| panic!("Failed to load configured key file located at {}.", cert));
 let mut certs: Vec> = vec![];
- certs_file.into_iter().for_each(|i| match i {
- Item::X509Certificate(cert) => certs.push(cert),
- _ => {}
+ certs_file.into_iter().for_each(|i| {
+ if let Item::X509Certificate(cert) = i {
+ certs.push(cert)
+ }
 });
 let private_key = match key_file.into_iter().next()? {
@@ -145,10 +146,8 @@ pub fn load_pem_file_ca(path: &String) -> Vec {
 pub fn load_pem_file_private_key(path: &String) -> Vec {
 let key = rustls_pemfile::private_key(&mut load_file(path));
- if let Ok(key) = key {
- if let Some(key) = key {
- return key.secret_der().to_vec();
- }
+ if let Ok(Some(key)) = key {
+ return key.secret_der().to_vec();
 }
 Vec::new()
 }
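Review bot: In `load_pem_file` (pingora-rustls/src/lib.rs, `@@ -34`), the new `if let Ok(f) = f` shadows the `Result` with its payload and the `else` branch then recovers the error through `f.err().unwrap()`; a `match f { Ok(item) => Some(item), Err(err) => { … } }` around the existing `warn!` covers both cases without the unwrap or the shadowing. PEM sections that fail to parse also appear to be skipped after that warning, so a damaged certificate or CA file would load with fewer entries than configured. A comment stating that this is deliberate would make the trust-store behaviour explicit. The closure body continues outside the hunk.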
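Review bot: The key-file panic in `load_certs_key_file` (`@@ -103`) interpolates `cert` instead of `key`, so an unreadable private key is reported with the certificate's path; the rewritten line should read `.unwrap_or_else(|_| panic!("Failed to load configured key file located at {}.", key));`. The old `.expect(...)` appended the underlying `std::io::Error` to the panic output, whereas both new closures discard it with `|_|`; binding it as `|e|` and adding `{e}` to the message keeps the cause (not found, permission denied) visible. The function returns `Option` yet panics on these two paths, which deserves a `# Panics` section in its doc comment. The function continues past the end of the hunk.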
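Review bot: `load_pem_file_private_key` (`@@ -145`) still falls through to `Vec::new()` both when `rustls_pemfile::private_key` returns an error and when the file holds no key, and the collapsed `if let Ok(Some(key)) = key` gives neither case a log line, unlike `load_pem_file`, which warns. A caller therefore receives an empty key with nothing to distinguish a corrupt file from an absent key; consider a `match` with an `Err(e) => warn!("failed to read private key from {}: {}", path, e)` arm before the fallback, and a doc comment stating that an empty vector means no usable key was found. The returned vector is a plain copy of `secret_der()`; how long it lives and whether it is cleared after use is not visible from this hunk.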