Commit

address pr feedback
jmayclin committed Dec 21, 2024
1 parent b415b82 commit d188862
Showing 2 changed files with 5 additions and 7 deletions.
6 changes: 2 additions & 4 deletions bindings/rust-examples/async-pkey-offload/README.md
@@ -1,14 +1,12 @@
# PKey Offload with KMS

This example shows how to use s2n-tls pkey offload functionality to create TLS connections with a private key that is stored in KMS
This example shows how to use s2n-tls pkey offload functionality to create TLS connections with a private key that is stored in KMS.

It will
1. generate an asymmetric key in KMS
2. create a public (self-signed) x509 certificate corresponding to the private key in KMS
3. handle TLS connections for that certificate, offloading all private key operations to KMS

If you are looking for a simpler example, you should start with the basic [tokio server & client](../tokio-server-client/Readme.md) instead.

```
server (s2n-tls) KMS
┌───────────────┐ ┌─────────────┐
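Review bot: the added period fixes the first sentence, but the line `It will` that introduces the numbered steps still lacks a colon, and the three steps start lowercase with no terminal punctuation; `It will:` followed by consistently punctuated items reads as a list rather than a broken sentence. Since the point of the example is that the server process never holds the private key material (step 3, "offloading all private key operations to KMS"), it is worth stating that property explicitly in the opening sentence rather than only implying it with "stored in KMS".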
@@ -49,7 +47,7 @@ test handshake ... ok
You can clean up the test resources by running `cargo run --bin delete_demo_keys`.

### Self Signed Cert Generation
The example will use a self signed cert with an asymmetric key that is stored in KMS. First we generate a private key in KMS. This will be the private key of the certificate. We use `rcgen` and it's associated `KeyPair::from_remote` functionality to actually generate the cert. Below you can see what the certificate looked like when I ran it on my own machine.
The example will use a self signed cert with an asymmetric key that is stored in KMS. First we generate a private key in KMS. This will be the private key of the certificate. We use [rcgen](https://github.com/rustls/rcgen) and its associated [KeyPair::from_remote](https://docs.rs/rcgen/latest/rcgen/trait.RemoteKeyPair.html) functionality to actually generate the cert. Below you can see what the certificate looked like when I ran it on my own machine.

```
Certificate:
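Review bot: the link text `KeyPair::from_remote` points at the `RemoteKeyPair` trait page (`trait.RemoteKeyPair.html`) rather than at the `from_remote` constructor, so either link to the method's own docs or reword to say the key pair is built from an implementation of the `RemoteKeyPair` trait, which is what the KMS-backed signer has to provide. Also, the heading reads `Self Signed Cert Generation` while the intro hunk writes `self-signed`; pick one hyphenation.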
@@ -29,8 +29,8 @@ async fn handshake() -> Result<(), Box<dyn std::error::Error>> {
};

let self_signed_cert = create_self_signed_cert(kms_key.clone())?;
// closures are `move`, so we need another copy for the client.
let client_cert_copy = self_signed_cert.clone();
// async blocks are marked `move`, so we need another copy
let cert_copy = self_signed_cert.clone();

// Bind to an address and listen for connections.
// ":0" can be used to automatically assign a port.
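Review bot: the rewritten comment and the rename from `client_cert_copy` to `cert_copy` drop the one piece of information a reader needs here, namely that the clone exists because one `async move` block takes ownership of `self_signed_cert` and the client's `tokio::spawn(async move { ... })` needs its own copy. Keeping `for the client` in the comment (for example `// async blocks are marked \`move\`, so the client needs its own copy`) or keeping the old name makes the second use some forty lines later self-explanatory.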
@@ -73,7 +73,7 @@ async fn handshake() -> Result<(), Box<dyn std::error::Error>> {
let client = tokio::spawn(async move {
let mut client_config = s2n_tls::config::Config::builder();
client_config.set_security_policy(&security::DEFAULT_TLS13)?;
client_config.trust_pem(client_cert_copy.as_bytes())?;
client_config.trust_pem(cert_copy.as_bytes())?;

// Create the TlsConnector based on the configuration.
let client = TlsConnector::new(client_config.build()?);
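Review bot: at `client_config.trust_pem(cert_copy.as_bytes())?;` a one-line comment stating that the client trusts exactly the self-signed certificate generated earlier in the test, and nothing else, would document the trust relationship that makes the handshake against the KMS-backed key succeed; anyone lifting this code out of the test should know that this pinned self-signed trust anchor is the part they replace with a real CA chain.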
