From dea5534156b0da1e26bfb29c1a87e69d4b27777f Mon Sep 17 00:00:00 2001 From: Sam Clark <3758302+goatgoose@users.noreply.github.com> Date: Tue, 12 Mar 2024 16:18:42 -0400 Subject: [PATCH] fix(bindings): Apply with_system_certs to Config builder (#4456) --- bindings/rust/s2n-tls/src/config.rs | 7 +++- bindings/rust/s2n-tls/src/testing/s2n_tls.rs | 44 +++++++++++--------- 2 files changed, 30 insertions(+), 21 deletions(-) diff --git a/bindings/rust/s2n-tls/src/config.rs b/bindings/rust/s2n-tls/src/config.rs index 3137a9d248d..9c42ad2b532 100644 --- a/bindings/rust/s2n-tls/src/config.rs +++ b/bindings/rust/s2n-tls/src/config.rs @@ -151,7 +151,6 @@ impl Drop for Config { } } -#[derive(Default)] pub struct Builder { config: Config, load_system_certs: bool, @@ -743,6 +742,12 @@ impl Builder { } } +impl Default for Builder { + fn default() -> Self { + Self::new() + } +} + pub(crate) struct Context { refcount: AtomicUsize, pub(crate) client_hello_callback: Option>, diff --git a/bindings/rust/s2n-tls/src/testing/s2n_tls.rs b/bindings/rust/s2n-tls/src/testing/s2n_tls.rs index 1b6f12eae03..8fcf7c86db6 100644 --- a/bindings/rust/s2n-tls/src/testing/s2n_tls.rs +++ b/bindings/rust/s2n-tls/src/testing/s2n_tls.rs 
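Review bot: The new `impl Default for Builder` in the second config.rs hunk carries no comment saying why it is written by hand, so a later cleanup could put `#[derive(Default)]` back. A derived impl would initialise `load_system_certs` to `false` and `config` to `Config::default()` instead of going through `Builder::new()`. That is presumably the trust-store mismatch this commit fixes, though the body of `new()` is outside the hunk. I would add above the impl: `// Deliberately not derived: Default must go through Builder::new() so load_system_certs and the underlying config start from the same state.`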
@@ -756,32 +756,36 @@ mod tests { // Load the server certificate into the trust store by overriding the OpenSSL default // certificate location. temp_env::with_var("SSL_CERT_FILE", Some(keypair.cert_path()), || { - let mut builder = Builder::new(); - builder - .load_pem(keypair.cert(), keypair.key()) - .unwrap() - .set_security_policy(&security::DEFAULT_TLS13) - .unwrap() - .set_verify_host_callback(InsecureAcceptAllCertificatesHandler {}) - .unwrap(); + // Test the Builder itself, and also the Builder produced by the Config builder() API. + for mut builder in [Builder::new(), Config::builder()] { + builder + .load_pem(keypair.cert(), keypair.key()) + .unwrap() + .set_security_policy(&security::DEFAULT_TLS13) + .unwrap() + .set_verify_host_callback(InsecureAcceptAllCertificatesHandler {}) + .unwrap(); - // Disable loading system certificates - builder.with_system_certs(false).unwrap(); + // Disable loading system certificates + builder.with_system_certs(false).unwrap(); - let config = builder.build().unwrap(); - let mut config_with_system_certs = config.clone(); + let config = builder.build().unwrap(); + let mut config_with_system_certs = config.clone(); - let mut pair = tls_pair(config); + let mut pair = tls_pair(config); - // System certificates should not be loaded into the trust store. The handshake - // should fail since the certificate should not be trusted. - assert!(poll_tls_pair_result(&mut pair).is_err()); + // System certificates should not be loaded into the trust store. The handshake + // should fail since the certificate should not be trusted. + assert!(poll_tls_pair_result(&mut pair).is_err()); - // The handshake should succeed after trusting the certificate. - unsafe { - s2n_tls_sys::s2n_config_load_system_certs(config_with_system_certs.as_mut_ptr()); + // The handshake should succeed after trusting the certificate. 
+ unsafe { + s2n_tls_sys::s2n_config_load_system_certs( + config_with_system_certs.as_mut_ptr(), + ); + } + establish_connection(config_with_system_certs); } - establish_connection(config_with_system_certs); }); }
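Review bot: The negative check `assert!(poll_tls_pair_result(&mut pair).is_err())` passes on any handshake failure, so on its own it does not show that the peer certificate was rejected as untrusted. The following `establish_connection(config_with_system_certs)` narrows that, but the return value of `s2n_config_load_system_certs` is discarded inside the `unsafe` block, so a failure to load the trust store only shows up later as an unrelated-looking handshake error. I would bind the result and assert on it, e.g. `let rc = unsafe { s2n_tls_sys::s2n_config_load_system_certs(config_with_system_certs.as_mut_ptr()) };` followed by `assert_eq!(rc, 0, "loading system certs failed");` (assuming the usual s2n convention of 0 for success). Since the loop now runs both `Builder::new()` and `Config::builder()`, a message on the `is_err()` assertion naming which builder is under test would also make a regression in one of them easier to attribute.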