download: statically bundle relevant trust anchors #4631
base: main
@djc Not directly related, but should we establish a standard for generated files and include And, since I cannot compile the code (yet) so I'm not able to verify, maybe it's a good idea to disable
| .unwrap(); | ||
|
|
||
| code.push_str(&format!( | ||
| " CertificateDer::from_slice(&{:?}),\n", |
I doubt whether that will give the right formatting. How about disabling formatting and/or lints altogether and just maintaining an OK-ish style here?
| use rustls::pki_types::CertificateDer; | ||
|
|
||
| pub(crate) const RUSTUP_TRUST_ANCHORS: &[CertificateDer<'static>] = &[ | ||
| CertificateDer::from_slice(&[ |
Nit: Since you already have the hostnames, maybe it could be useful to indicate which is which, say with a comment?
| let root = verifier.root.lock().unwrap().take().unwrap(); | ||
| let root_cert = roots | ||
| .iter() | ||
| .find_map(|(cert_der, ta)| match ta == &root { |
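Review bot: The final `.unwrap()` in `verifier.root.lock().unwrap().take().unwrap()` panics with no context if the verifier never recorded a root, so a failure at this step would not say what was missing. Consider `.expect("verifier recorded no root")` on that last call so the panic message names the absent value; the `find_map` that follows depends on `root` being present.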
Nit: This might be a good place to put .then_some() since the match isn't really doing too much.
| .await | ||
| .unwrap(); | ||
|
|
||
| let root = verifier.root.lock().unwrap().take().unwrap(); |
Nit: That's a lot of .unwrap() here. Maybe this test function can return a result and the overall code can be shortened by quite a bit? Not 100% sure, but probably worth testing though (pun intended) :)
This seems to compile at least. I still want to give it another look, but happy to get feedback from others, too.
Let me know if/where it needs more comments.