Message-ID: <0af0a265-352f-4095-949c-1ff3dc5f6c00@proxmox.com>
Date: Fri, 11 Jul 2025 10:17:29 +0200
To: Thomas Lamprecht, Proxmox Backup Server development discussion
References: <20250710170728.102829-1-c.ebner@proxmox.com> <20250710170728.102829-2-c.ebner@proxmox.com> <38e3b3b5-a1a6-43d6-b925-1d04d8b1e22d@proxmox.com>
From: Christian Ebner
In-Reply-To: <38e3b3b5-a1a6-43d6-b925-1d04d8b1e22d@proxmox.com>
Subject: Re: [pbs-devel] [PATCH proxmox v7 1/9] s3 client: add crate for AWS s3 compatible object store client

On 7/11/25 09:42, Thomas Lamprecht wrote:
> On 10.07.25 at 19:06, Christian Ebner wrote:
>> + fn verify_certificate_fingerprint( >> + openssl_valid: bool, >> + context: &mut X509StoreContextRef, >> + expected_fingerprint: Option, >> + trust_openssl: Arc>, >> + ) -> Result, Error> {
>
> This method seems a bit like it might fit better into a (micro) crate specific for
> "cert stuff". FWIW, there is a verify_fingerprint function in the proxmox-client
> crate already, this one here seems to be a bit more generic, or well also include
> things like the fp_string function for doing &[u8] -> String the client has separately.
>
> As both use openssl, i.e. X509StoreContextRef as base, it quite probably can share
> most of the implementation.
>
> FWIW, I'd be even open for a quite specific proxmox-tls-cert-fingerprint micro
> crate, as IMO those micro crates do not produce much maintenance cost, especially
> if one assembles it after having the use case already in a few places, thus being
> pretty likely that the API will work OK that way for new future use cases too.
> Note, not promoting creation of trivial things, e.g. the famous leftpad crates,
> but TLS (fingerprint) cert verification is not really trivial and can have
> critical implications, which then can be IMO enough to justify a micro crate.
>
> Anyhow, this can be refactored out transparently at any time, so really not
> a blocker for getting this client in.
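
Review bot: the quoted signature of verify_certificate_fingerprint takes three separate trust inputs (`openssl_valid`, `expected_fingerprint` and the shared `trust_openssl`), and the lines as quoted carry no doc comment saying which of them takes precedence. Since this helper decides whether a TLS peer is accepted, a comment above the `fn` line should state what is returned when `expected_fingerprint` is `None` and `openssl_valid` is false, whether a fingerprint match overrides a failed OpenSSL check, and how the shared `trust_openssl` value interacts with the other two.
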
There is this series by Dominik which already does try to unify this AFAIK, so
refactoring this might be done once that has landed?

https://lore.proxmox.com/pbs-devel/20250521084524.829496-1-d.csapak@proxmox.com/

Will adapt the code according to the rest of your other comments for now!