1 : use std::sync::Arc;
2 :
3 : use anyhow::bail;
4 : use rustls::crypto::ring;
5 :
/// Builds a shared root certificate store from the platform's native trust anchors.
///
/// # Errors
///
/// Returns an error if the native certificate loader reported any errors.
pub(crate) fn load_certs() -> anyhow::Result<Arc<rustls::RootCertStore>> {
    let native = rustls_native_certs::load_native_certs();

    // Any loader error is fatal here; the function does not continue with a partial set.
    if native.errors.is_empty() {
        let mut roots = rustls::RootCertStore::empty();
        // NOTE(review): the (added, ignored) counts returned by this call are discarded,
        // so certificates that fail to parse are dropped silently and an empty store is
        // still returned as Ok. Presumably server verification against an empty store
        // fails later at connection time rather than here; confirm that is intended.
        roots.add_parsable_certificates(native.certs);
        Ok(Arc::new(roots))
    } else {
        bail!("could not parse certificates: {:?}", native.errors);
    }
}
17 :
/// Builds the TLS client configuration used for connecting to the neon compute,
/// trusting the root certificates returned by `load_certs`.
///
/// The configuration uses the `ring` crypto provider with rustls' safe default
/// protocol versions and presents no client certificate.
///
/// This function is blocking.
///
/// # Errors
///
/// Returns an error if `load_certs` fails.
///
/// # Panics
///
/// Panics if the `ring` provider rejects the default protocol versions.
pub fn compute_client_config_with_root_certs() -> anyhow::Result<rustls::ClientConfig> {
    let provider = Arc::new(ring::default_provider());
    let builder = rustls::ClientConfig::builder_with_provider(provider)
        .with_safe_default_protocol_versions()
        .expect("ring should support the default protocol versions");

    // Root loading stays after the builder setup so the evaluation order is unchanged.
    let roots = load_certs()?;
    let config = builder
        .with_root_certificates(roots)
        .with_no_client_auth();
    Ok(config)
}
29 :
/// Test-only variant of the compute client config that trusts exactly the supplied
/// certificates instead of the platform's native roots.
///
/// Certificates that cannot be parsed are skipped by `add_parsable_certificates`;
/// the counts it returns are not inspected here.
///
/// # Panics
///
/// Panics if the `ring` provider rejects the default protocol versions.
#[cfg(test)]
pub fn compute_client_config_with_certs(
    certs: impl IntoIterator<Item = rustls::pki_types::CertificateDer<'static>>,
) -> rustls::ClientConfig {
    let mut trust_anchors = rustls::RootCertStore::empty();
    trust_anchors.add_parsable_certificates(certs);

    let provider = Arc::new(ring::default_provider());
    let builder = rustls::ClientConfig::builder_with_provider(provider)
        .with_safe_default_protocol_versions()
        .expect("ring should support the default protocol versions");

    builder
        .with_root_certificates(trust_anchors)
        .with_no_client_auth()
}