Fix config parsing and warning logs for TLS and QUIC links #1600

Merged
merged 2 commits into from
Nov 20, 2024
1 change: 1 addition & 0 deletions io/zenoh-links/zenoh-link-quic/src/lib.rs
Expand Up @@ -109,6 +109,7 @@ pub mod config {
pub const TLS_CONNECT_CERTIFICATE_BASE64: &str = "connect_certificate_base64";

pub const TLS_ENABLE_MTLS: &str = "enable_mtls";
pub const TLS_ENABLE_MTLS_DEFAULT: bool = false;

pub const TLS_VERIFY_NAME_ON_CONNECT: &str = "verify_name_on_connect";
pub const TLS_VERIFY_NAME_ON_CONNECT_DEFAULT: bool = true;
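Review bot: The new public constant `TLS_ENABLE_MTLS_DEFAULT` on the fourth line of the hunk carries no doc comment, although it is now the single value the inspector and both config parsers in utils.rs fall back to. A one-line `/// Value assumed for TLS_ENABLE_MTLS when the key is absent: mutual TLS is off.` would state the opt-in default where readers of the config module look for it. The identical addition in io/zenoh-links/zenoh-link-tls/src/lib.rs would benefit from the same comment.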
29 changes: 12 additions & 17 deletions io/zenoh-links/zenoh-link-quic/src/utils.rs
Expand Up @@ -94,11 +94,9 @@ impl ConfigurationInspector<ZenohConfig> for TlsConfigurator {
_ => {}
}

if let Some(client_auth) = c.enable_mtls() {
match client_auth {
true => ps.push((TLS_ENABLE_MTLS, "true")),
false => ps.push((TLS_ENABLE_MTLS, "false")),
};
match c.enable_mtls().unwrap_or(TLS_ENABLE_MTLS_DEFAULT) {
true => ps.push((TLS_ENABLE_MTLS, "true")),
false => ps.push((TLS_ENABLE_MTLS, "false")),
}

match (c.connect_private_key(), c.connect_private_key_base64()) {
Expand Down Expand Up @@ -164,7 +162,7 @@ impl TlsServerConfig {
Some(s) => s
.parse()
.map_err(|_| zerror!("Unknown enable mTLS argument: {}", s))?,
None => false,
None => TLS_ENABLE_MTLS_DEFAULT,
};
let tls_close_link_on_expiration: bool = match config.get(TLS_CLOSE_LINK_ON_EXPIRATION) {
Some(s) => s
Expand Down Expand Up @@ -268,21 +266,18 @@ impl TlsClientConfig {
Some(s) => s
.parse()
.map_err(|_| zerror!("Unknown enable mTLS argument: {}", s))?,
None => false,
None => TLS_ENABLE_MTLS_DEFAULT,
};

let tls_server_name_verification: bool = match config.get(TLS_VERIFY_NAME_ON_CONNECT) {
Some(s) => {
let s: bool = s
.parse()
.map_err(|_| zerror!("Unknown server name verification argument: {}", s))?;
if s {
tracing::warn!("Skipping name verification of servers");
}
s
}
None => false,
Some(s) => s
.parse()
.map_err(|_| zerror!("Unknown server name verification argument: {}", s))?,
None => TLS_VERIFY_NAME_ON_CONNECT_DEFAULT,
};
if !tls_server_name_verification {
tracing::warn!("Skipping name verification of QUIC server");
}

let tls_close_link_on_expiration: bool = match config.get(TLS_CLOSE_LINK_ON_EXPIRATION) {
Some(s) => s
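Review bot: The `match` over a bool in the new lines `match c.enable_mtls().unwrap_or(TLS_ENABLE_MTLS_DEFAULT) { true => …, false => … }` of the `TlsConfigurator` hunk is the shape clippy's `match_bool` lint flags; the two arms differ only in the string literal, so `ps.push((TLS_ENABLE_MTLS, if c.enable_mtls().unwrap_or(TLS_ENABLE_MTLS_DEFAULT) { "true" } else { "false" }));` expresses the same in one line. The matching hunk in io/zenoh-links/zenoh-link-tls/src/utils.rs has the same shape. The enclosing method of the `ConfigurationInspector` impl starts and ends outside the hunk.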
1 change: 1 addition & 0 deletions io/zenoh-links/zenoh-link-tls/src/lib.rs
Expand Up @@ -105,6 +105,7 @@ pub mod config {
pub const TLS_CONNECT_CERTIFICATE_BASE64: &str = "connect_certificate_base64";

pub const TLS_ENABLE_MTLS: &str = "enable_mtls";
pub const TLS_ENABLE_MTLS_DEFAULT: bool = false;

pub const TLS_VERIFY_NAME_ON_CONNECT: &str = "verify_name_on_connect";
pub const TLS_VERIFY_NAME_ON_CONNECT_DEFAULT: bool = true;
29 changes: 12 additions & 17 deletions io/zenoh-links/zenoh-link-tls/src/utils.rs
Expand Up @@ -97,11 +97,9 @@ impl ConfigurationInspector<ZenohConfig> for TlsConfigurator {
_ => {}
}

if let Some(client_auth) = c.enable_mtls() {
match client_auth {
true => ps.push((TLS_ENABLE_MTLS, "true")),
false => ps.push((TLS_ENABLE_MTLS, "false")),
};
match c.enable_mtls().unwrap_or(TLS_ENABLE_MTLS_DEFAULT) {
true => ps.push((TLS_ENABLE_MTLS, "true")),
false => ps.push((TLS_ENABLE_MTLS, "false")),
}

match (c.connect_private_key(), c.connect_private_key_base64()) {
Expand Down Expand Up @@ -168,7 +166,7 @@ impl TlsServerConfig {
Some(s) => s
.parse()
.map_err(|_| zerror!("Unknown enable mTLS argument: {}", s))?,
None => false,
None => TLS_ENABLE_MTLS_DEFAULT,
};
let tls_close_link_on_expiration: bool = match config.get(TLS_CLOSE_LINK_ON_EXPIRATION) {
Some(s) => s
Expand Down Expand Up @@ -282,21 +280,18 @@ impl TlsClientConfig {
Some(s) => s
.parse()
.map_err(|_| zerror!("Unknown enable mTLS auth argument: {}", s))?,
None => false,
None => TLS_ENABLE_MTLS_DEFAULT,
};

let tls_server_name_verification: bool = match config.get(TLS_VERIFY_NAME_ON_CONNECT) {
Some(s) => {
let s: bool = s
.parse()
.map_err(|_| zerror!("Unknown server name verification argument: {}", s))?;
if s {
tracing::warn!("Skipping name verification of servers");
}
s
}
None => false,
Some(s) => s
.parse()
.map_err(|_| zerror!("Unknown server name verification argument: {}", s))?,
None => TLS_VERIFY_NAME_ON_CONNECT_DEFAULT,
};
if !tls_server_name_verification {
tracing::warn!("Skipping name verification of TLS server");
}

let tls_close_link_on_expiration: bool = match config.get(TLS_CLOSE_LINK_ON_EXPIRATION) {
Some(s) => s
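Review bot: The warning added at the end of the last hunk, `tracing::warn!("Skipping name verification of TLS server")`, does not name the setting that produced it, so an operator reading the log cannot tell which key to correct; `tracing::warn!("Skipping name verification of TLS server: {} is false", TLS_VERIFY_NAME_ON_CONNECT)` makes the line actionable using a constant already in scope on the line above. It fires once at config-parse time rather than per connection, which is presumably the intent. The counterpart warning in io/zenoh-links/zenoh-link-quic/src/utils.rs has the same gap. The enclosing function in `impl TlsClientConfig` starts and ends outside the hunk.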