chore: macos test

.github/workflows/build-macos-x64.yml

@@ -38,9 +38,9 @@ jobs:
       #     security import certificate.p12 -k build.keychain -P $MACOS_CERTIFICATE_PWD -T /usr/bin/codesign
       #     security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k $MACOS_CERTIFICATE_PWD build.keychain
       #     cd __build__binary__
-      #     /usr/bin/codesign -f -s "$MACOS_FULL_IDENTITY" --entitlements ../.github/macos-build-entitlements.plist --options=runtime --timestamp ./tagocore
-      #     zip ./tagocore.zip ./tagocore
-      #     /usr/bin/codesign -f -s "$MACOS_FULL_IDENTITY" --options=runtime --timestamp ./tagocore.zip
+      #     /usr/bin/codesign -f -s "$MACOS_FULL_IDENTITY" --entitlements ../.github/macos-build-entitlements.plist --options=runtime --timestamp ./mqttrelay
+      #     zip ./mqttrelay.zip ./mqttrelay
+      #     /usr/bin/codesign -f -s "$MACOS_FULL_IDENTITY" --options=runtime --timestamp ./mqttrelay.zip
 
       # # Notarize app using xcrun altool
       # - name: Notarize binary
@@ -49,18 +49,17 @@ jobs:
       #     MACOS_DEVELOPER_PWD: ${{ secrets.MACOS_DEVELOPER_PWD }}
       #     MACOS_BUNDLE_ID: ${{ secrets.MACOS_BUNDLE_ID }}
       #     MACOS_ASC_PROVIDER: ${{ secrets.MACOS_ASC_PROVIDER }}
-      #   run: xcrun altool --notarize-app --primary-bundle-id "$MACOS_BUNDLE_ID" -u "$MACOS_DEVELOPER_EMAIL" -p "$MACOS_DEVELOPER_PWD" --asc-provider "$MACOS_ASC_PROVIDER" -f ./__build__binary__/tagocore.zip
+      #   run: xcrun altool --notarize-app --primary-bundle-id "$MACOS_BUNDLE_ID" -u "$MACOS_DEVELOPER_EMAIL" -p "$MACOS_DEVELOPER_PWD" --asc-provider "$MACOS_ASC_PROVIDER" -f ./__build__binary__/mqttrelay.zip
 
       # Zip the binary
       - name: Generate tar.gz
         run: |
-          cd __build__binary__
-          unzip -o tagocore.zip
-          tar cvf - tagocore | gzip > ../tagocore-mac-x64.tar.gz
+          cd target/release
+          tar cvf - tago-relay | gzip > ../tago-relay-mac-x64.tar.gz
 
       # Upload the zip file as an artifact
       - name: Upload artifact
         uses: actions/upload-artifact@v2
         with:
-          name: mqttrelay-macos-x64
-          path: ../tagocore.zip
+          name: tago-relay-macos-x64
+          path: ../tago-relay-mac-x64.tar.gz

src/relay.rs

@@ -18,7 +18,7 @@ use axum_server::tls_openssl::OpenSSLConfig;
 use openssl::{
   pkey::PKey,
   ssl::{SslAcceptor, SslMethod, SslVerifyMode},
-  x509::X509,
+  x509::{store::X509StoreBuilder, X509},
 };
 
 use dotenvy_macro::dotenv;
@@ -41,6 +41,7 @@ const HOST_ADDRESS: &str = "127.0.0.1";
 const HOST_ADDRESS: &str = "::"; // ? External IPv4/IPv6 support
 
 fn create_ssl_acceptor() -> Result<Arc<SslAcceptor>, openssl::error::ErrorStack> {
+  // Certificates contents are stored in the environment variables
   let cert = dotenv!("SERVER_SSL_CERT").as_bytes();
   let key = dotenv!("SERVER_SSL_KEY").as_bytes();
   let ca = dotenv!("SERVER_SSL_CA").as_bytes();
@@ -52,9 +53,20 @@ fn create_ssl_acceptor() -> Result<Arc<SslAcceptor>, openssl::error::ErrorStack>
   let mut acceptor = SslAcceptor::mozilla_intermediate(SslMethod::tls())?;
   acceptor.set_private_key(&key)?;
   acceptor.set_certificate(&cert)?;
-  acceptor.add_extra_chain_cert(ca)?;
+  // acceptor.add_client_ca(&ca)?;
   acceptor.check_private_key()?;
 
+  // Create a new X509Store and add the CA certificate to it
+  let mut store_builder = X509StoreBuilder::new()?;
+  store_builder.add_cert(ca.clone())?;
+  let store = store_builder.build();
+
+  // Set the CA store for the acceptor
+  acceptor.set_cert_store(store);
+
+  // Add the CA certificate as a client CA
+  acceptor.add_client_ca(&ca)?;
+
   acceptor.set_verify(SslVerifyMode::PEER | SslVerifyMode::FAIL_IF_NO_PEER_CERT);
   Ok(Arc::new(acceptor.build()))
 }