Fix mTLS root cert store (#222)
* Add intermediate certs, if any exist, to RootStore

* Do not respond to Spawn command if node_id is zero
kosticmarin authored Oct 9, 2023
1 parent 4cb0ed4 commit 5eb9570
Showing 2 changed files with 17 additions and 10 deletions.
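--- a/crates/lunatic-distributed/src/distributed/server.rs
+++ b/crates/lunatic-distributed/src/distributed/server.rs
@@ -158,15 +158,19 @@ where
 match handle_spawn(ctx.clone(), spawn).await {
 Ok(Ok(id)) => {
 log::trace!("lunatic::distributed::server Spawned {id}");
-ctx.node_client
-.send_response(ResponseParams {
-node_id: NodeId(node_id),
-response: Response {
-message_id: msg_id,
-content: ResponseContent::Spawned(id),
-},
-})
-.await?;
+// The platform sends the spawn instructions with node_id = 0
+// in this case we do not respond
+if node_id != 0 {
+ctx.node_client
+.send_response(ResponseParams {
+node_id: NodeId(node_id),
+response: Response {
+message_id: msg_id,
+content: ResponseContent::Spawned(id),
+},
+})
+.await?;
+}
 }
 Ok(Err(client_error)) => {
 log::trace!("lunatic::distributed::server Spawn error: {client_error:?}");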
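Review bot: The `if node_id != 0` guard in the `Ok(Ok(id))` arm drops the reply silently, and `0` is an unnamed sentinel whose origin is not visible in this hunk. If `node_id` is read from the incoming message rather than derived from the peer's authenticated identity, any sender can choose `0` and leave no response on record for the spawn, so I would tie the platform case to the verified connection and log the skip, e.g. `else { log::trace!("lunatic::distributed::server Spawned {id}, no response sent for node_id 0"); }`. A named constant such as `PLATFORM_NODE_ID` in place of the literal would keep this arm and every other reply path in agreement. The `Ok(Err(client_error))` arm begins at the end of the hunk and continues outside it; if it still calls `send_response` with `NodeId(0)`, it needs the same guard.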
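--- a/crates/lunatic-distributed/src/quic/quin.rs
+++ b/crates/lunatic-distributed/src/quic/quin.rs
@@ -124,13 +124,16 @@ pub fn new_quic_server(
 }?;
 
 let mut cert_chain = Vec::new();
-for cert in certs {
+for (i, cert) in certs.iter().enumerate() {
 let mut cert = cert.as_bytes();
 let cert = rustls_pemfile::read_one(&mut cert)?.unwrap();
 let cert = match cert {
 Item::X509Certificate(cert) => Ok(rustls::Certificate(cert)),
 _ => Err(anyhow!("Not a valid certificate")),
 }?;
+if i != 0 {
+roots.add(&cert)?;
+}
 cert_chain.push(cert);
 }
 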
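Review bot: `roots.add(&cert)?` inside `if i != 0` turns every certificate after the first in the server's own chain into a trust anchor, selected by position alone. Assuming `roots` (defined outside the hunk) backs the mTLS client verifier, any certificate issued by such an intermediate then passes client verification without the intermediate itself being validated against the configured root, and a non-CA certificate placed second in the input would be trusted as well. I would keep the intermediates in `cert_chain` only and fill `roots` from an explicitly configured CA certificate, or at minimum reject entries that are not CA certificates before adding them, with a comment such as `// SECURITY: entries added here become client-auth trust anchors`. Separately, `rustls_pemfile::read_one(&mut cert)?.unwrap()` on the context line panics when an entry holds no PEM item; `.ok_or_else(|| anyhow!("Not a valid certificate"))?` would return an error instead. The loop sits inside `new_quic_server`, whose start and end are outside the hunk.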
