about summary refs log tree commit diff
path: root/kittybox-rs
diff options
context:
space:
mode:
authorVika <vika@fireburn.ru>2023-07-21 17:44:49 +0300
committerVika <vika@fireburn.ru>2023-07-21 17:44:49 +0300
commita6129fb8053bf4fdec23a925ecbb2b4a46b69042 (patch)
treeceb2616511f3d336f1bc78929c657c91c5a60329 /kittybox-rs
parentf34c2a2c95559bcb2d068abd611fff5cc677f159 (diff)
downloadkittybox-a6129fb8053bf4fdec23a925ecbb2b4a46b69042.tar.zst
Allow loading TLS root certificates from file
Untested, but will be useful when testing Webmentions in the
end-to-end test.
Diffstat (limited to 'kittybox-rs')
-rw-r--r--kittybox-rs/src/main.rs40
1 files changed, 33 insertions, 7 deletions
diff --git a/kittybox-rs/src/main.rs b/kittybox-rs/src/main.rs
index d96a8fb..7c6ddb6 100644
--- a/kittybox-rs/src/main.rs
+++ b/kittybox-rs/src/main.rs
@@ -148,13 +148,39 @@ async fn compose_kittybox(
 ) -> axum::Router {
     let http: reqwest::Client = {
         #[allow(unused_mut)]
-        let mut builder = reqwest::Client::builder().user_agent(concat!(
-            env!("CARGO_PKG_NAME"),
-            "/",
-            env!("CARGO_PKG_VERSION")
-        ));
-        // TODO: add a root certificate if there's an environment variable pointing at it
-        //builder = builder.add_root_certificate(reqwest::Certificate::from_pem(todo!()));
+        let mut builder = reqwest::Client::builder()
+            .user_agent(concat!(
+                env!("CARGO_PKG_NAME"),
+                "/",
+                env!("CARGO_PKG_VERSION")
+            ));
+        if let Ok(certs) = std::env::var("KITTYBOX_CUSTOM_PKI_ROOTS") {
+            // TODO: add a root certificate if there's an environment variable pointing at it
+            for path in certs.split(':') {
+                let metadata = match tokio::fs::metadata(path).await {
+                    Ok(metadata) => metadata,
+                    Err(err) if err.kind() == std::io::ErrorKind::NotFound => {
+                        tracing::error!("TLS root certificate {} not found, skipping...", path);
+                        continue;
+                    }
+                    Err(err) => panic!("Error loading TLS certificates: {}", err)
+                };
+                if metadata.is_dir() {
+                    let mut dir = tokio::fs::read_dir(path).await.unwrap();
+                    while let Ok(Some(file)) = dir.next_entry().await {
+                        let pem = tokio::fs::read(file.path()).await.unwrap();
+                        builder = builder.add_root_certificate(
+                            reqwest::Certificate::from_pem(&pem).unwrap()
+                        );
+                    }
+                } else {
+                    let pem = tokio::fs::read(path).await.unwrap();
+                    builder = builder.add_root_certificate(
+                        reqwest::Certificate::from_pem(&pem).unwrap()
+                    );
+                }
+            }
+        }
 
         builder.build().unwrap()
     };