From 8f7f44eae4e6581aa877ca425d78f72ea10ff808 Mon Sep 17 00:00:00 2001
From: Emil Sauer Lynge
Date: Mon, 17 Jan 2022 21:37:34 +0100
Subject: [PATCH] prevent TLS config from using PEM server auth

---
 src/config.rs | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/src/config.rs b/src/config.rs
index 2ed2166..ecf6c72 100644
--- a/src/config.rs
+++ b/src/config.rs
@@ -191,9 +191,12 @@ impl Config {
 Ok(())
 }

- fn validate_tls_config(tls_config: &TlsConfig, is_server: bool) -> Result<()>{
+ fn validate_tls_config(tls_config: &TlsConfig, is_server: bool, is_quic: bool) -> Result<()>{
 if is_server {
 if tls_config.pem_server_key.is_some() {
+ if !is_quic {
+ bail!("`pem_server_key` and `pem_server_cert` are not yet supported for TLS")
+ }
 tls_config.pem_server_cert.as_ref().ok_or(
 anyhow!("`pem_server_key` provided but `pem_server_cert` is missing"))?;
 } else {
@@ -219,14 +222,14 @@ impl Config {
 .tls
 .as_ref()
 .ok_or(anyhow!("Missing TLS configuration"))?;
- Config::validate_tls_config(tls_config, is_server)
+ Config::validate_tls_config(tls_config, is_server, false)
 }
 TransportType::Quic => {
 let tls_config = config
 .quic
 .as_ref()
 .ok_or(anyhow!("Missing QUIC configuration"))?;
- Config::validate_tls_config(tls_config, is_server)
+ Config::validate_tls_config(tls_config, is_server, true)
 }
 TransportType::Noise => {
 // The check is done in transport
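Review bot: The new TLS guard sits inside `if tls_config.pem_server_key.is_some()`, so a TLS server config that sets only `pem_server_cert` never reaches it and falls through to the `else` branch, whose body is outside this hunk. If that branch does not inspect `pem_server_cert`, the stray PEM setting is accepted without the "not yet supported" error that the message promises for both keys. Hoisting the check ahead of the key test would reject either field: `if !is_quic && (tls_config.pem_server_key.is_some() || tls_config.pem_server_cert.is_some()) { bail!(...) }`. validate_tls_config continues past the end of the hunk.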
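Review bot: Both call sites pass the new flag as a bare `false` / `true` directly after another bool, which is easy to transpose and hard to verify in review for a check that decides whether PEM server credentials are rejected. Naming the argument at the call keeps the intent visible, e.g. `Config::validate_tls_config(tls_config, is_server, /* is_quic */ false)`; passing the transport type instead of a second bool would remove the ambiguity altogether. The enclosing match starts and ends outside the hunk.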