warp-tech/warpgate
1
1
Fork 0
mirror of https://github.com/warp-tech/warpgate.git synced 2025-09-06 06:34:32 +08:00
Code Issues Projects Releases Packages Wiki Activity

cleanup

Browse source
This commit is contained in:
Eugene 2025-07-02 08:46:01 +02:00
parent 103a480521
commit 8f475adbf2
No known key found for this signature in database
GPG key ID: 5896FCBBDD1CF4F4
3 changed files with 22 additions and 32 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

42
warpgate-common/src/tls/cert.rs
View file

@ -1,3 +1,4 @@
use std::net::{Ipv4Addr, Ipv6Addr};
use std::path::{Path, PathBuf};
use std::sync::Arc;
@ -50,12 +51,11 @@ impl TlsCertificateBundle {
}
pub fn sni_names(&self) -> Result<Vec<String>, RustlsSetupError> {
if self.certificates.is_empty() {
return Ok(Vec::new());
}
// Parse leaf certificate
let cert_der = &self.certificates[0];
let Some(cert_der) = self.certificates.first() else {
return Ok(Vec::new());
};
let (_, cert) =
X509Certificate::from_der(cert_der).map_err(|e| RustlsSetupError::X509(e.into()))?;
@ -74,27 +74,21 @@ impl TlsCertificateBundle {
names.push(dns_name.to_string());
}
GeneralName::IPAddress(ip_bytes) => {
// Convert IP bytes to string representation
if ip_bytes.len() == 4 {
// IPv4
names.push(format!(
"{}.{}.{}.{}",
ip_bytes[0], ip_bytes[1], ip_bytes[2], ip_bytes[3]
));
#[allow(clippy::unwrap_used)] // length checked
names.push(
Ipv4Addr::from(<[u8; 4]>::try_from(*ip_bytes).unwrap())
.to_string(),
);
} else if ip_bytes.len() == 16 {
// IPv6
let mut ipv6_parts = Vec::new();
for chunk in ip_bytes.chunks(2) {
ipv6_parts.push(format!(
"{:02x}{:02x}",
chunk[0],
chunk.get(1).unwrap_or(&0)
));
}
names.push(ipv6_parts.join(":"));
#[allow(clippy::unwrap_used)] // length checked
names.push(
Ipv6Addr::from(<[u8; 16]>::try_from(*ip_bytes).unwrap())
.to_string(),
);
}
}
_ => {} // Ignore other types like email, URI, etc.
_ => {}
}
}
}
@ -214,10 +208,10 @@ pub async fn load_certificate_and_key<R: IntoTlsCertificateRelativePaths>(
) -> Result<TlsCertificateAndPrivateKey, RustlsSetupError> {
Ok(TlsCertificateAndPrivateKey {
certificate: TlsCertificateBundle::from_file(
config.paths_relative_to.join(&from.certificate_path()),
config.paths_relative_to.join(from.certificate_path()),
)
.await?,
private_key: TlsPrivateKey::from_file(config.paths_relative_to.join(&from.key_path()))
private_key: TlsPrivateKey::from_file(config.paths_relative_to.join(from.key_path()))
.await?,
})
}

2
warpgate-protocol-http/src/lib.rs
View file

@ -67,7 +67,7 @@ async fn make_rustls_config(config: &WarpgateConfig) -> Result<RustlsConfig> {
let mut cfg = RustlsConfig::new().fallback(certificate_and_key.into());
for sni in &config.store.http.sni_certificates {
let certificate_and_key = load_certificate_and_key(sni, &config)
let certificate_and_key = load_certificate_and_key(sni, config)
.await
.with_context(|| format!("loading SNI TLS certificate: {sni:?}",))?;

10
warpgate-protocol-ssh/src/server/session.rs
View file

@ -1054,16 +1054,12 @@ impl ServerSession {
self.all_channels.push(uuid);
let recorder = self
.traffic_recorder_for(
TrafficRecorderKey::Socket(path.clone()),
"direct-tcpip",
)
.traffic_recorder_for(TrafficRecorderKey::Socket(path.clone()), "direct-tcpip")
.await;
if let Some(recorder) = recorder {
#[allow(clippy::unwrap_used)]
let mut recorder = recorder.connection(TrafficConnectionParams::Socket {
socket_path: path,
});
let mut recorder =
recorder.connection(TrafficConnectionParams::Socket { socket_path: path });
if let Err(error) = recorder.write_connection_setup().await {
error!(%channel, ?error, "Failed to record connection setup");
}