

Fix config parsing and warning logs for TLS and QUIC links (eclipse-z…
…enoh#1600)

* Fix argument parsing and warning logs for TLS and QUIC links

* Use TLS_ENABLE_MTLS_DEFAULT in ConfigurationInspector
oteffahi authored Nov 20, 2024
1 parent 8c94542 commit 3404e05
Showing 4 changed files with 26 additions and 34 deletions.
1 change: 1 addition & 0 deletions io/zenoh-links/zenoh-link-quic/src/lib.rs
Expand Up @@ -109,6 +109,7 @@ pub mod config {
pub const TLS_CONNECT_CERTIFICATE_BASE64: &str = "connect_certificate_base64";

pub const TLS_ENABLE_MTLS: &str = "enable_mtls";
pub const TLS_ENABLE_MTLS_DEFAULT: bool = false;

pub const TLS_VERIFY_NAME_ON_CONNECT: &str = "verify_name_on_connect";
pub const TLS_VERIFY_NAME_ON_CONNECT_DEFAULT: bool = true;
29 changes: 12 additions & 17 deletions io/zenoh-links/zenoh-link-quic/src/utils.rs
Expand Up @@ -94,11 +94,9 @@ impl ConfigurationInspector<ZenohConfig> for TlsConfigurator {
_ => {}
}

if let Some(client_auth) = c.enable_mtls() {
match client_auth {
true => ps.push((TLS_ENABLE_MTLS, "true")),
false => ps.push((TLS_ENABLE_MTLS, "false")),
};
match c.enable_mtls().unwrap_or(TLS_ENABLE_MTLS_DEFAULT) {
true => ps.push((TLS_ENABLE_MTLS, "true")),
false => ps.push((TLS_ENABLE_MTLS, "false")),
}

match (c.connect_private_key(), c.connect_private_key_base64()) {
Expand Down Expand Up @@ -164,7 +162,7 @@ impl TlsServerConfig {
Some(s) => s
.parse()
.map_err(|_| zerror!("Unknown enable mTLS argument: {}", s))?,
None => false,
None => TLS_ENABLE_MTLS_DEFAULT,
};
let tls_close_link_on_expiration: bool = match config.get(TLS_CLOSE_LINK_ON_EXPIRATION) {
Some(s) => s
Expand Down Expand Up @@ -268,21 +266,18 @@ impl TlsClientConfig {
Some(s) => s
.parse()
.map_err(|_| zerror!("Unknown enable mTLS argument: {}", s))?,
None => false,
None => TLS_ENABLE_MTLS_DEFAULT,
};

let tls_server_name_verification: bool = match config.get(TLS_VERIFY_NAME_ON_CONNECT) {
Some(s) => {
let s: bool = s
.parse()
.map_err(|_| zerror!("Unknown server name verification argument: {}", s))?;
if s {
tracing::warn!("Skipping name verification of servers");
}
s
}
None => false,
Some(s) => s
.parse()
.map_err(|_| zerror!("Unknown server name verification argument: {}", s))?,
None => TLS_VERIFY_NAME_ON_CONNECT_DEFAULT,
};
if !tls_server_name_verification {
tracing::warn!("Skipping name verification of QUIC server");
}

let tls_close_link_on_expiration: bool = match config.get(TLS_CLOSE_LINK_ON_EXPIRATION) {
Some(s) => s
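Review bot: The warning emitted in the `if !tls_server_name_verification` block after the `TLS_VERIFY_NAME_ON_CONNECT` match now fires on the right path, but the message does not name the setting that produced it, so an operator reading the log cannot tell which configuration key to revisit; suggest `tracing::warn!("{}=false: skipping name verification of QUIC server", TLS_VERIFY_NAME_ON_CONNECT);`. If, as the key name suggests, this disables matching the server certificate against the endpoint name, the message could also say so, since that is the protection being given up. The same applies to the corresponding hunk in io/zenoh-links/zenoh-link-tls/src/utils.rs. The enclosing `TlsClientConfig` constructor starts and ends outside the hunk.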
1 change: 1 addition & 0 deletions io/zenoh-links/zenoh-link-tls/src/lib.rs
Expand Up @@ -105,6 +105,7 @@ pub mod config {
pub const TLS_CONNECT_CERTIFICATE_BASE64: &str = "connect_certificate_base64";

pub const TLS_ENABLE_MTLS: &str = "enable_mtls";
pub const TLS_ENABLE_MTLS_DEFAULT: bool = false;

pub const TLS_VERIFY_NAME_ON_CONNECT: &str = "verify_name_on_connect";
pub const TLS_VERIFY_NAME_ON_CONNECT_DEFAULT: bool = true;
29 changes: 12 additions & 17 deletions io/zenoh-links/zenoh-link-tls/src/utils.rs
Expand Up @@ -97,11 +97,9 @@ impl ConfigurationInspector<ZenohConfig> for TlsConfigurator {
_ => {}
}

if let Some(client_auth) = c.enable_mtls() {
match client_auth {
true => ps.push((TLS_ENABLE_MTLS, "true")),
false => ps.push((TLS_ENABLE_MTLS, "false")),
};
match c.enable_mtls().unwrap_or(TLS_ENABLE_MTLS_DEFAULT) {
true => ps.push((TLS_ENABLE_MTLS, "true")),
false => ps.push((TLS_ENABLE_MTLS, "false")),
}

match (c.connect_private_key(), c.connect_private_key_base64()) {
Expand Down Expand Up @@ -168,7 +166,7 @@ impl TlsServerConfig {
Some(s) => s
.parse()
.map_err(|_| zerror!("Unknown enable mTLS argument: {}", s))?,
None => false,
None => TLS_ENABLE_MTLS_DEFAULT,
};
let tls_close_link_on_expiration: bool = match config.get(TLS_CLOSE_LINK_ON_EXPIRATION) {
Some(s) => s
Expand Down Expand Up @@ -282,21 +280,18 @@ impl TlsClientConfig {
Some(s) => s
.parse()
.map_err(|_| zerror!("Unknown enable mTLS auth argument: {}", s))?,
None => false,
None => TLS_ENABLE_MTLS_DEFAULT,
};

let tls_server_name_verification: bool = match config.get(TLS_VERIFY_NAME_ON_CONNECT) {
Some(s) => {
let s: bool = s
.parse()
.map_err(|_| zerror!("Unknown server name verification argument: {}", s))?;
if s {
tracing::warn!("Skipping name verification of servers");
}
s
}
None => false,
Some(s) => s
.parse()
.map_err(|_| zerror!("Unknown server name verification argument: {}", s))?,
None => TLS_VERIFY_NAME_ON_CONNECT_DEFAULT,
};
if !tls_server_name_verification {
tracing::warn!("Skipping name verification of TLS server");
}

let tls_close_link_on_expiration: bool = match config.get(TLS_CLOSE_LINK_ON_EXPIRATION) {
Some(s) => s
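Review bot: The `match c.enable_mtls().unwrap_or(TLS_ENABLE_MTLS_DEFAULT)` with `true =>` / `false =>` arms in the first hunk is the shape clippy's `match_bool` lint (pedantic) flags; a single push reads more directly: `ps.push((TLS_ENABLE_MTLS, if c.enable_mtls().unwrap_or(TLS_ENABLE_MTLS_DEFAULT) { "true" } else { "false" }));`. Dropping the old `if let Some(client_auth)` guard also means the key is now emitted even when the setting is absent, which matches what `TlsServerConfig` and `TlsClientConfig` do with the same constant in the later hunks but deserves a one-line comment, e.g. `// Always emit the key so the link sees the same default as TlsServerConfig/TlsClientConfig.` The same applies to the first hunk of io/zenoh-links/zenoh-link-quic/src/utils.rs. The enclosing `ConfigurationInspector` method starts and ends outside the hunk.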
