authorAlex Auvolat <alex@adnab.me>2020-04-12 19:00:30 +0200
committerAlex Auvolat <alex@adnab.me>2020-04-12 19:00:30 +0200
commitd2814b5c3374f8b99a81dbb9fa3614c875cfc5e6 (patch)
tree08309e6d85dea5c28f4c12df151ed1b3bdb6bec9 /src/rpc_server.rs
parentd1e8f78b2cd28f4514ad6f7d54aae6aaa4ef3f15 (diff)
TLS works \o/
So, the issues were: - webpki does not support IP addresses as DNS names in URLs, so I hacked the HttpsConnector to always provide a fixed string as the DNS name for server certificate validation - the certificate required a SAN section, which was complicated to build, but eventually the solution is there in genkeys.sh
Diffstat (limited to 'src/rpc_server.rs')
-rw-r--r--src/rpc_server.rs2
1 files changed, 1 insertions, 1 deletions
diff --git a/src/rpc_server.rs b/src/rpc_server.rs
index f42d54ac..17da6f86 100644
--- a/src/rpc_server.rs
+++ b/src/rpc_server.rs
@@ -120,7 +120,7 @@ pub async fn run_rpc_server(
let mut config =
rustls::ServerConfig::new(rustls::AllowAnyAuthenticatedClient::new(ca_store));
- config.set_single_cert([&ca_certs[..], &node_certs[..]].concat(), node_key)?;
+ config.set_single_cert([&node_certs[..], &ca_certs[..]].concat(), node_key)?;
let tls_acceptor = Arc::new(TlsAcceptor::from(Arc::new(config)));
let mut listener = TcpListener::bind(&bind_addr).await?;
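Review bot: The chain order passed to `set_single_cert` is a TLS requirement that nothing in the code records: the end-entity certificate must come first and its issuers after it, which is presumably why the old `ca_certs`-first order failed. A comment above the call, such as `// Chain order matters: node (leaf) certificate first, then the issuing CA.`, would keep the order from being flipped back later. If `ca_certs` holds only the self-signed root that is also loaded into `ca_store` (not visible in this hunk), it could likely be dropped from the presented chain, since peers validate against their own copy of the CA. It is also worth a doc line that `AllowAnyAuthenticatedClient` accepts any client certificate chaining to `ca_store`, so every key this CA signs is treated as a full RPC peer and the CA key is the whole trust boundary. The body of `run_rpc_server` starts and ends outside the hunk.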