author | Vika <vika@fireburn.ru> | 2023-07-21 17:44:49 +0300 |
---|---|---|
committer | Vika <vika@fireburn.ru> | 2023-07-21 17:44:49 +0300 |
commit | a6129fb8053bf4fdec23a925ecbb2b4a46b69042 (patch) | |
tree | ceb2616511f3d336f1bc78929c657c91c5a60329 /kittybox-rs | |
parent | f34c2a2c95559bcb2d068abd611fff5cc677f159 (diff) | |
Allow loading TLS root certificates from file
Untested, but will be useful when testing Webmentions in the end-to-end test.
Diffstat (limited to 'kittybox-rs')
-rw-r--r-- | kittybox-rs/src/main.rs | 40 |
1 files changed, 33 insertions, 7 deletions
diff --git a/kittybox-rs/src/main.rs b/kittybox-rs/src/main.rs
index d96a8fb..7c6ddb6 100644
--- a/kittybox-rs/src/main.rs
+++ b/kittybox-rs/src/main.rs
@@ -148,13 +148,39 @@ async fn compose_kittybox(
 ) -> axum::Router {
 let http: reqwest::Client = {
 #[allow(unused_mut)]
- let mut builder = reqwest::Client::builder().user_agent(concat!(
- env!("CARGO_PKG_NAME"),
- "/",
- env!("CARGO_PKG_VERSION")
- ));
- // TODO: add a root certificate if there's an environment variable pointing at it
- //builder = builder.add_root_certificate(reqwest::Certificate::from_pem(todo!()));
+ let mut builder = reqwest::Client::builder()
+ .user_agent(concat!(
+ env!("CARGO_PKG_NAME"),
+ "/",
+ env!("CARGO_PKG_VERSION")
+ ));
+ if let Ok(certs) = std::env::var("KITTYBOX_CUSTOM_PKI_ROOTS") {
+ // TODO: add a root certificate if there's an environment variable pointing at it
+ for path in certs.split(':') {
+ let metadata = match tokio::fs::metadata(path).await {
+ Ok(metadata) => metadata,
+ Err(err) if err.kind() == std::io::ErrorKind::NotFound => {
+ tracing::error!("TLS root certificate {} not found, skipping...", path);
+ continue;
+ }
+ Err(err) => panic!("Error loading TLS certificates: {}", err)
+ };
+ if metadata.is_dir() {
+ let mut dir = tokio::fs::read_dir(path).await.unwrap();
+ while let Ok(Some(file)) = dir.next_entry().await {
+ let pem = tokio::fs::read(file.path()).await.unwrap();
+ builder = builder.add_root_certificate(
+ reqwest::Certificate::from_pem(&pem).unwrap()
+ );
+ }
+ } else {
+ let pem = tokio::fs::read(path).await.unwrap();
+ builder = builder.add_root_certificate(
+ reqwest::Certificate::from_pem(&pem).unwrap()
+ );
+ }
+ }
+ }
 builder.build().unwrap()
 }; |
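Review bot: In the `metadata.is_dir()` branch, `while let Ok(Some(file)) = dir.next_entry().await` stops silently on a listing error, so the client can start with only part of the intended trust store, while the `unwrap()` calls on `read` and `from_pem` abort without naming the offending path. Every file that parses becomes a trust anchor for all outbound requests made with this client, so each loaded root should be logged and every failure should name its path. The paths listed in `KITTYBOX_CUSTOM_PKI_ROOTS` should be writable only by the operator, which deserves a line in the documentation. A subdirectory or non-PEM file inside such a directory also panics at startup; that is presumably acceptable as fail-closed behaviour, but it should be stated in a comment. The `// TODO: add a root certificate ...` comment carried into the new code is now stale, and `compose_kittybox` begins and ends outside this hunk.

```rust
// … unchanged: user-agent builder, env lookup, metadata match …
if metadata.is_dir() {
    let mut dir = tokio::fs::read_dir(path).await.unwrap_or_else(|err| {
        panic!("Error reading TLS root directory {}: {}", path, err)
    });
    loop {
        let file = match dir.next_entry().await {
            Ok(Some(file)) => file,
            Ok(None) => break,
            // Fail closed instead of starting with a partial trust store.
            Err(err) => panic!("Error listing TLS root directory {}: {}", path, err),
        };
        let file_path = file.path();
        let pem = tokio::fs::read(&file_path).await.unwrap_or_else(|err| {
            panic!("Error reading TLS root {}: {}", file_path.display(), err)
        });
        let cert = reqwest::Certificate::from_pem(&pem).unwrap_or_else(|err| {
            panic!("Invalid TLS root {}: {}", file_path.display(), err)
        });
        tracing::info!("Trusting extra TLS root certificate {}", file_path.display());
        builder = builder.add_root_certificate(cert);
    }
} else {
    // … same read / parse / log sequence for the single-file case …
}
```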