Server::new only validates the private key and no longer rejects an empty certificate. Dtls::new_12(config, DtlsCertificate { certificate: vec![], .. }, now) constructs successfully, deferring the misconfiguration from startup to handshake time. CryptoContext::new used to catch this at construction.
```rust
pub fn new(config: Arc<Config>, certificate: crate::DtlsCertificate, now: Instant) -> Server {
    // unwrap: malformed private_key bytes are a programmer error from the
    // caller who constructed DtlsCertificate; panic matches the prior
    // CryptoContext::new behavior which also panicked on empty/invalid
    // key material.
    let private_key = config
        .crypto_provider()
        .key_provider
        .load_private_key(&certificate.private_key)
        .expect("Failed to parse server private key");
    let auth = AuthMode::Certificate {
        certificate: certificate.certificate,
        private_key,
    };
    let engine = Engine::new(config, auth);
    Self::new_with_engine(engine, now)
}
```
dimpl/src/dtls12/server.rs
Lines 127 to 143 in cda235a
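A construction-time check of the kind the comment asks for, as an added example that is not part of the review or of dimpl's code: it rejects an empty certificate or key and a certificate whose outer DER SEQUENCE length does not match the buffer. `IdentityError`, `validate_identity`, `der_sequence_len` and the stand-in `DtlsCertificate` struct are hypothetical, and DER encoding of the `certificate` bytes is an assumption.

```rust
// Added illustration: stand-in types, not dimpl's API.
#[derive(Debug, PartialEq)]
pub enum IdentityError { EmptyCertificate, EmptyPrivateKey, MalformedCertificate }

// Stand-in carrying the two field names visible in the snippet above.
pub struct DtlsCertificate {
    pub certificate: Vec<u8>, // assumed to be a DER-encoded X.509 certificate
    pub private_key: Vec<u8>,
}

// Total size (header + body) declared by the outer DER SEQUENCE, if well-formed.
fn der_sequence_len(der: &[u8]) -> Option<usize> {
    if *der.first()? != 0x30 {
        return None; // not a SEQUENCE tag
    }
    let first = *der.get(1)?;
    if first < 0x80 {
        return Some(2 + first as usize); // short-form length
    }
    let n = (first & 0x7f) as usize;
    if n == 0 || n > 4 {
        return None; // indefinite length or implausibly large
    }
    let body = der.get(2..2 + n)?.iter().fold(0usize, |acc, b| (acc << 8) | *b as usize);
    2usize.checked_add(n)?.checked_add(body)
}

// Run at construction so a bad identity fails at startup, not at handshake time.
pub fn validate_identity(c: &DtlsCertificate) -> Result<(), IdentityError> {
    if c.certificate.is_empty() {
        return Err(IdentityError::EmptyCertificate);
    }
    if c.private_key.is_empty() {
        return Err(IdentityError::EmptyPrivateKey);
    }
    match der_sequence_len(&c.certificate) {
        Some(len) if len == c.certificate.len() => Ok(()),
        _ => Err(IdentityError::MalformedCertificate),
    }
}

fn main() {
    // Constructed input: the empty-certificate case from the review comment.
    let empty = DtlsCertificate { certificate: vec![], private_key: vec![0x30, 0x00] };
    println!("{:?}", validate_identity(&empty));
}
```

The structural check is only a cheap sanity test; it does not replace parsing the certificate or confirming that it matches the private key.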