Add a flag to manually specify roots. (#98)
parent
c5b3e5cb8d
commit
a30f313439
|
@ -24,6 +24,13 @@ pub struct Config {
|
||||||
#[arg(long)]
|
#[arg(long)]
|
||||||
pub tls_key: Vec<path::PathBuf>,
|
pub tls_key: Vec<path::PathBuf>,
|
||||||
|
|
||||||
|
/// Use the TLS root at this path, encoded as PEM.
|
||||||
|
///
|
||||||
|
/// This value can be provided multiple times for multiple roots.
|
||||||
|
/// If this is empty, system roots will be used instead
|
||||||
|
#[arg(long)]
|
||||||
|
pub tls_root: Vec<path::PathBuf>,
|
||||||
|
|
||||||
/// Optional: Use the moq-api via HTTP to store origin information.
|
/// Optional: Use the moq-api via HTTP to store origin information.
|
||||||
#[arg(long)]
|
#[arg(long)]
|
||||||
pub api: Option<Url>,
|
pub api: Option<Url>,
|
||||||
|
|
|
@ -38,9 +38,22 @@ impl Tls {
|
||||||
// Create a list of acceptable root certificates.
|
// Create a list of acceptable root certificates.
|
||||||
let mut roots = RootCertStore::empty();
|
let mut roots = RootCertStore::empty();
|
||||||
|
|
||||||
// Add the platform's native root certificates.
|
if config.tls_root.is_empty() {
|
||||||
for cert in rustls_native_certs::load_native_certs().context("could not load platform certs")? {
|
// Add the platform's native root certificates.
|
||||||
roots.add(&Certificate(cert.0)).context("failed to add root cert")?;
|
for cert in rustls_native_certs::load_native_certs().context("could not load platform certs")? {
|
||||||
|
roots.add(&Certificate(cert.0)).context("failed to add root cert")?;
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
// Add the specified root certificates.
|
||||||
|
for root in &config.tls_root {
|
||||||
|
let root = fs::File::open(root).context("failed to open root cert file")?;
|
||||||
|
let mut root = io::BufReader::new(root);
|
||||||
|
let root = rustls_pemfile::certs(&mut root).context("failed to read root cert")?;
|
||||||
|
anyhow::ensure!(root.len() == 1, "expected a single root cert");
|
||||||
|
let root = Certificate(root[0].to_owned());
|
||||||
|
|
||||||
|
roots.add(&root).context("failed to add root cert")?;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
let certs = Self {
|
let certs = Self {
|
||||||
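Review bot: The `anyhow::ensure!(root.len() == 1, ...)` in the new `else` branch rejects any `--tls-root` file that holds more than one `CERTIFICATE` block, which is the usual shape of a CA bundle, and the `open`/`certs`/`add` errors around it do not say which of the possibly several `--tls-root` paths failed, so an operator with three flags gets a bare "failed to open root cert file". If one-cert-per-file is intended (the doc comment on `tls_root` does say to repeat the flag), keep the ensure but add the path with `.with_context(|| format!("failed to open root cert file {}", root.display()))` on each fallible call; otherwise trust every certificate in the file and only reject an empty one, as below. Either way the branch stays fail-closed: a zero-cert file still errors instead of silently leaving `roots` empty. The enclosing `Tls` constructor continues past the hunk, so the `Self { ... }` that consumes `roots` is not visible here.
```rust
} else {
    // Add the specified root certificates; every CERTIFICATE block in each file is trusted.
    for path in &config.tls_root {
        let file = fs::File::open(path)
            .with_context(|| format!("failed to open root cert file {}", path.display()))?;
        let mut reader = io::BufReader::new(file);
        let certs = rustls_pemfile::certs(&mut reader)
            .with_context(|| format!("failed to read root cert {}", path.display()))?;
        anyhow::ensure!(!certs.is_empty(), "no certificates found in {}", path.display());
        for cert in certs {
            roots
                .add(&Certificate(cert))
                .with_context(|| format!("failed to add root cert from {}", path.display()))?;
        }
    }
}
// … unchanged: `let certs = Self { … }` …
```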
|
|