proto: avoid panicking on rustls server config errors

quinn-rs · Sep 2, 2024 · a8ec510 · a8ec510
1 parent c26e8cd
commit a8ec510
Show file tree

Hide file tree

Showing 3 changed files with 9 additions and 10 deletions.
diff --git a/quinn-proto/src/config.rs b/quinn-proto/src/config.rs
@@ -930,7 +930,7 @@ impl ServerConfig {
     ) -> Result<Self, rustls::Error> {
         Ok(Self::with_crypto(Arc::new(QuicServerConfig::new(
             cert_chain, key,
-        ))))
+        )?)))
     }
 }
 

diff --git a/quinn-proto/src/crypto/rustls.rs b/quinn-proto/src/crypto/rustls.rs
@@ -414,14 +414,14 @@ impl QuicServerConfig {
     pub(crate) fn new(
         cert_chain: Vec<CertificateDer<'static>>,
         key: PrivateKeyDer<'static>,
-    ) -> Self {
-        let inner = Self::inner(cert_chain, key);
-        Self {
+    ) -> Result<Self, rustls::Error> {
+        let inner = Self::inner(cert_chain, key)?;
+        Ok(Self {
             // We're confident that the *ring* default provider contains TLS13_AES_128_GCM_SHA256
             initial: initial_suite_from_provider(inner.crypto_provider())
                 .expect("no initial cipher suite found"),
             inner: Arc::new(inner),
-        }
+        })
     }
 
     /// Initialize a QUIC-compatible TLS client configuration with a separate initial cipher suite
@@ -445,18 +445,17 @@ impl QuicServerConfig {
     pub(crate) fn inner(
         cert_chain: Vec<CertificateDer<'static>>,
         key: PrivateKeyDer<'static>,
-    ) -> rustls::ServerConfig {
+    ) -> Result<rustls::ServerConfig, rustls::Error> {
         let mut inner = rustls::ServerConfig::builder_with_provider(
             rustls::crypto::ring::default_provider().into(),
         )
         .with_protocol_versions(&[&rustls::version::TLS13])
         .unwrap() // The *ring* default provider supports TLS 1.3
         .with_no_client_auth()
-        .with_single_cert(cert_chain, key)
-        .unwrap();
+        .with_single_cert(cert_chain, key)?;
 
         inner.max_early_data_size = u32::MAX;
-        inner
+        Ok(inner)
     }
 }
 

diff --git a/quinn-proto/src/tests/util.rs b/quinn-proto/src/tests/util.rs
@@ -598,7 +598,7 @@ fn server_crypto_inner(
         )
     });
 
-    let mut config = QuicServerConfig::inner(vec![cert], key);
+    let mut config = QuicServerConfig::inner(vec![cert], key).unwrap();
     if let Some(alpn) = alpn {
         config.alpn_protocols = alpn;
     }