We currently have a fair bit of awkward code to handle TLS certificates in the LDAP source config:
```rust
let identity: Option<Identity> = match (tls.client_key, tls.client_certificate) {
    (Some(client_key), Some(client_cert)) => Some(
        Identity::from_pkcs8(
            std::fs::read(client_cert)?.as_slice(),
            std::fs::read(client_key)?.as_slice(),
        )
        .context("Could not create client identity")?,
    ),
    (None, None) => None,
    _ => {
        bail!("Both client key *and* certificate must be specified")
    }
};
```
In retrospect, we should bundle these in a `client_identity` attribute which is ~`Option<struct ClientIdentity(PathBuf, PathBuf)>`. That way we can assert at the type level that both are specified at the same time, and give a cleaner error message (directly from serde, so that the attribute and everything is listed) as a result.
That'd require a breaking change, unfortunately.
Originally posted by @tlater-famedly in #106 (comment)
famedly-sync/src/sources/ldap.rs
Lines 262 to 274 in 727c4d9
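A std-only sketch of the bundling proposed above, added here as an example and not taken from famedly-sync: the named fields, `LegacyTls`, `Tls` and the `TryFrom` migration shim are assumptions for illustration. It leaves out the serde derive and shows only the type-level effect, namely that a half-configured mTLS identity is rejected once at the config boundary and cannot be represented afterwards.

```rust
use std::path::PathBuf;

/// Bundled form sketched in the issue; named fields are an assumption made here.
#[derive(Debug, Clone, PartialEq)]
pub struct ClientIdentity {
    pub certificate: PathBuf,
    pub key: PathBuf,
}

/// Flat layout as it exists today: two independent options, so two of the
/// four possible states (only one file given) are invalid but representable.
#[derive(Debug, Default)]
pub struct LegacyTls {
    pub client_certificate: Option<PathBuf>,
    pub client_key: Option<PathBuf>,
}

/// Proposed layout: "no client auth" or "certificate and key", nothing else.
#[derive(Debug, PartialEq)]
pub struct Tls {
    pub client_identity: Option<ClientIdentity>,
}

/// Hypothetical migration shim: reject half-configured identities once, at
/// the config boundary, and name the missing attribute in the error.
impl TryFrom<LegacyTls> for Tls {
    type Error = String;

    fn try_from(old: LegacyTls) -> Result<Self, Self::Error> {
        let client_identity = match (old.client_certificate, old.client_key) {
            (Some(certificate), Some(key)) => Some(ClientIdentity { certificate, key }),
            (None, None) => None,
            (Some(_), None) => return Err("client_certificate is set but client_key is missing".into()),
            (None, Some(_)) => return Err("client_key is set but client_certificate is missing".into()),
        };
        Ok(Tls { client_identity })
    }
}

fn main() {
    // Constructed input: only the key is configured.
    let half = LegacyTls { client_key: Some("client.key".into()), ..Default::default() };
    println!("{:?}", Tls::try_from(half));
}
```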