Make logic independant from server certificates
ThibsG committed Nov 28, 2022
1 parent fcc1e83 commit e14a91a
Showing 3 changed files with 38 additions and 30 deletions.
14 changes: 7 additions & 7 deletions sqlx-core/src/net/tls/mod.rs
Expand Up @@ -138,14 +138,14 @@ async fn configure_tls_connector(

builder.add_root_certificate(cert);
}
}

// authentication using user's key-file and its associated certificate
if let (Some(cert_path), Some(key_path)) = (client_cert_path, client_key_path) {
let cert_path = cert_path.data().await?;
let key_path = key_path.data().await?;
let identity = Identity::from_pkcs8(&cert_path, &key_path)?;
builder.identity(identity);
}
// authentication using user's key-file and its associated certificate
if let (Some(cert_path), Some(key_path)) = (client_cert_path, client_key_path) {
let cert_path = cert_path.data().await?;
let key_path = key_path.data().await?;
let identity = Identity::from_pkcs8(&cert_path, &key_path)?;
builder.identity(identity);
}

#[cfg(not(feature = "_rt-async-std"))]
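Review bot: The moved identity block still lets a half-configured client auth pass silently: when only one of `client_cert_path` / `client_key_path` is set, the `if let (Some(cert_path), Some(key_path))` on the first new line skips client authentication and the connection proceeds with no client identity, whereas the rustls backend touched by this same commit returns `Error::Configuration("user auth key and certs must be given together")`. An explicit error is far easier to diagnose than a connection that quietly goes out unauthenticated, so mirroring that check here keeps the two backends consistent (assuming `Error::Configuration` is reachable in this module as it is in rustls.rs): `} else if client_cert_path.is_some() || client_key_path.is_some() { return Err(Error::Configuration("user auth key and certs must be given together".into())); }`. The shadowed `cert_path` / `key_path` bindings hold the loaded PEM bytes after `.data().await?`, not paths, so names such as `cert_pem` / `key_pem` would describe what `Identity::from_pkcs8` actually receives. The enclosing `configure_tls_connector` begins and ends outside this hunk.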
45 changes: 26 additions & 19 deletions sqlx-core/src/net/tls/rustls.rs
Expand Up @@ -16,12 +16,34 @@ pub async fn configure_tls_connector(
client_cert_path: Option<&CertificateInput>,
client_key_path: Option<&CertificateInput>,
) -> Result<sqlx_rt::TlsConnector, Error> {
let mut config = ClientConfig::builder().with_safe_defaults();
let config = ClientConfig::builder().with_safe_defaults();

// authentication using user's key and its associated certificate
let user_auth = match (client_cert_path, client_key_path) {
(Some(cert_path), Some(key_path)) => {
let cert_chain = certs_from_pem(cert_path.data().await?)?;
let key_der = private_key_from_pem(key_path.data().await?)?;
Some((cert_chain, key_der))
}
(None, None) => None,
(_, _) => {
return Err(Error::Configuration(
"user auth key and certs must be given together".into(),
))
}
};

let config = if accept_invalid_certs {
config
.with_custom_certificate_verifier(Arc::new(DummyTlsVerifier))
.with_no_client_auth()
if let Some(user_auth) = user_auth {
config
.with_custom_certificate_verifier(Arc::new(DummyTlsVerifier))
.with_single_cert(user_auth.0, user_auth.1)
.map_err(|err| Error::Tls(err.into()))?
} else {
config
.with_custom_certificate_verifier(Arc::new(DummyTlsVerifier))
.with_no_client_auth()
}
} else {
let mut cert_store = RootCertStore::empty();
cert_store.add_server_trust_anchors(webpki_roots::TLS_SERVER_ROOTS.0.iter().map(|ta| {
Expand All @@ -45,21 +67,6 @@ pub async fn configure_tls_connector(
}
}

// authentication using user's key and its associated certificate
let user_auth = match (client_cert_path, client_key_path) {
(Some(cert_path), Some(key_path)) => {
let cert_chain = certs_from_pem(cert_path.data().await?)?;
let key_der = private_key_from_pem(key_path.data().await?)?;
Some((cert_chain, key_der))
}
(None, None) => None,
(_, _) => {
return Err(Error::Configuration(
"user auth key and certs must be given together".into(),
))
}
};

if accept_invalid_hostnames {
let verifier = WebPkiVerifier::new(cert_store, None);

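Review bot: In the `accept_invalid_certs` arm, both branches of the new `if let Some(user_auth)` rebuild the same `with_custom_certificate_verifier(Arc::new(DummyTlsVerifier))` builder, and the client identity is then read through positional `user_auth.0` / `user_auth.1`. Hoisting the verifier step once and destructuring the tuple states the intent directly (one verifier, with or without a client identity) and stops the two paths from drifting apart as they are edited. The comment `// authentication using user's key and its associated certificate` moved with the `match`, but nothing says why it now precedes the server-certificate handling; a line such as `// client identity is parsed up front so it applies however the server certificate is verified` would record the commit's intent. The `else` arm that presumably consumes `user_auth` for the verified-server case continues outside the hunk, so whether it still reads the tuple the same way cannot be confirmed from this page.
```rust
    let config = if accept_invalid_certs {
        let builder = config.with_custom_certificate_verifier(Arc::new(DummyTlsVerifier));
        match user_auth {
            Some((cert_chain, key_der)) => builder
                .with_single_cert(cert_chain, key_der)
                .map_err(|err| Error::Tls(err.into()))?,
            None => builder.with_no_client_auth(),
        }
    } else {
        // … unchanged: root store and WebPkiVerifier setup …
```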
9 changes: 5 additions & 4 deletions sqlx-core/src/sqlite/statement/handle.rs
Expand Up @@ -385,10 +385,11 @@ impl Notify {
}

fn wait(&self) {
let _ = self
.condvar
.wait_while(self.mutex.lock().unwrap(), |fired| !*fired)
.unwrap();
drop(
self.condvar
.wait_while(self.mutex.lock().unwrap(), |fired| !*fired)
.unwrap(),
);
}

fn fire(&self) {
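Review bot: The new `drop(...)` wrapper reads as if something non-trivial is being disposed, when the `MutexGuard` returned by `wait_while` is simply unneeded once the predicate `!*fired` has become false; a one-line comment above it, `// the guard only serves to block until the flag is set; release it at once`, would make that explicit for the next reader. The `.unwrap()` calls on the lock and on `wait_while` turn a poisoned mutex into a panic; that is unchanged by this commit and presumably intended. `fire`, the other half of `Notify`, lies outside the hunk.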