Add more logging around TLS config issues

2022-11-20 22:46:20 -06:00 · 2022-11-20 22:46:20 -06:00 · 205e794b9e
commit 205e794b9e
parent 73cc4862d9
1 changed files with 25 additions and 11 deletions
--- a/src/config.rs
+++ b/src/config.rs
@ -143,9 +143,18 @@ impl Config {
        let scheme = if config.https { "https" } else { "http" };
        let base_uri = iri!(format!("{}://{}", scheme, config.hostname)).into_absolute();

-        let tls = config
-            .tls_key
-            .and_then(|key| config.tls_cert.map(|cert| TlsConfig { key, cert }));
+        let tls = match (config.tls_key, config.tls_cert) {
+            (Some(key), Some(cert)) => Some(TlsConfig { key, cert }),
+            (Some(_), None) => {
+                tracing::warn!("TLS_KEY is set but TLS_CERT isn't , not building TLS config");
+                None
+            }
+            (None, Some(_)) => {
+                tracing::warn!("TLS_CERT is set but TLS_KEY isn't , not building TLS config");
+                None
+            }
+            (None, None) => None,
+        };

        Ok(Config {
            hostname: config.hostname,
@ -170,6 +179,7 @@ impl Config {
        let tls = if let Some(tls) = &self.tls {
            tls
        } else {
+            tracing::warn!("No TLS config present");
            return Ok(None);
        };

@ -177,18 +187,22 @@ impl Config {
        let certs = rustls_pemfile::certs(&mut certs_reader)?;

        let mut key_reader = BufReader::new(std::fs::File::open(&tls.key)?);
-        let keys = rustls_pemfile::read_all(&mut key_reader)?;
+        let key = rustls_pemfile::read_one(&mut key_reader)?;

        let certs = certs.into_iter().map(Certificate).collect();

-        let key = if let Some(key) = keys.into_iter().find_map(|item| match item {
-            rustls_pemfile::Item::RSAKey(der) => Some(PrivateKey(der)),
-            rustls_pemfile::Item::PKCS8Key(der) => Some(PrivateKey(der)),
-            rustls_pemfile::Item::ECKey(der) => Some(PrivateKey(der)),
-            _ => None,
-        }) {
-            key
+        let key = if let Some(key) = key {
+            match key {
+                rustls_pemfile::Item::RSAKey(der) => PrivateKey(der),
+                rustls_pemfile::Item::PKCS8Key(der) => PrivateKey(der),
+                rustls_pemfile::Item::ECKey(der) => PrivateKey(der),
+                _ => {
+                    tracing::warn!("Unknown key format: {:?}", key);
+                    return Ok(None);
+                }
+            }
        } else {
+            tracing::warn!("Failed to read private key");
            return Ok(None);
        };