prevent TLS config from using PEM server auth

rapiz1 · Jan 17, 2022 · 8f7f44e · 8f7f44e
1 parent 0ccb646
commit 8f7f44e
Showing 1 changed file with 6 additions and 3 deletions.
diff --git a/src/config.rs b/src/config.rs
@@ -191,9 +191,12 @@ impl Config {
         Ok(())
     }
 
-    fn validate_tls_config(tls_config: &TlsConfig, is_server:  bool) -> Result<()>{
+    fn validate_tls_config(tls_config: &TlsConfig, is_server:  bool, is_quic: bool) -> Result<()>{
         if is_server {
             if tls_config.pem_server_key.is_some() {
+                if !is_quic {
+                    bail!("`pem_server_key` and `pem_server_cert` are not yet supported for TLS")
+                }
                 tls_config.pem_server_cert.as_ref().ok_or(
                     anyhow!("`pem_server_key` provided but `pem_server_cert` is missing"))?;
             } else {
@@ -219,14 +222,14 @@ impl Config {
                     .tls
                     .as_ref()
                     .ok_or(anyhow!("Missing TLS configuration"))?;
-                Config::validate_tls_config(tls_config, is_server)
+                Config::validate_tls_config(tls_config, is_server, false)
             }
             TransportType::Quic => {
                 let tls_config = config
                     .quic
                     .as_ref()
                     .ok_or(anyhow!("Missing QUIC configuration"))?;
-                Config::validate_tls_config(tls_config, is_server)
+                Config::validate_tls_config(tls_config, is_server, true)
             }
             TransportType::Noise => {
                 // The check is done in transport