public inbox for pbs-devel@lists.proxmox.com
 help / color / mirror / Atom feed
From: "Shannon Sterz" <s.sterz@proxmox.com>
To: "Dominik Csapak" <d.csapak@proxmox.com>,
	<pve-devel@lists.proxmox.com>, <pbs-devel@lists.proxmox.com>
Subject: Re: [PATCH proxmox-websocket-tunnel v4 8/8] use proxmox-http's openssl callback
Date: Wed, 01 Jul 2026 15:35:51 +0200	[thread overview]
Message-ID: <DJN9W6MUGURW.3HVUT8F04NPTZ@proxmox.com> (raw)
In-Reply-To: <20260701103120.1593265-9-d.csapak@proxmox.com>

On Wed Jul 1, 2026 at 12:30 PM CEST, Dominik Csapak wrote:
> no functional change intended, since the callback there should implement
> the same behavior.
>
> With this change, we can now drop the hex and itertools dependency.
>
> Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
> ---
>  Cargo.toml  |  4 +--
>  src/main.rs | 76 +++++++++++++++++++++++++----------------------------
>  2 files changed, 37 insertions(+), 43 deletions(-)
>
> diff --git a/Cargo.toml b/Cargo.toml
> index 02ac3d1..7b5ced6 100644
> --- a/Cargo.toml
> +++ b/Cargo.toml
> @@ -13,11 +13,9 @@ anyhow = "1.0"
>  proxmox-base64 = "1"
>  futures = "0.3"
>  futures-util = "0.3"
> -hex = "0.4"
>  http = "1"
>  hyper = "1"
>  hyper-util = "0.1"
> -itertools = "0.13"
>  openssl = "0.10"
>  percent-encoding = "2"
>  serde = { version = "1.0", features = ["derive"] }
> @@ -26,5 +24,5 @@ tokio = { version = "1", features = ["io-std", "io-util", "macros", "rt-multi-th
>  tokio-stream = { version = "0.1", features = ["io-util"] }
>  tokio-util = "0.7"
>
> -proxmox-http = { version = "1", features = ["websocket", "client"] }
> +proxmox-http = { version = "1", features = ["websocket", "client", "tls"] }
>  proxmox-sys = "1"
> diff --git a/src/main.rs b/src/main.rs
> index 6d86575..b79528e 100644
> --- a/src/main.rs
> +++ b/src/main.rs
> @@ -1,6 +1,7 @@
>  use anyhow::{bail, format_err, Error};
>
>  use std::collections::VecDeque;
> +use std::str::FromStr;
>  use std::sync::Arc;
>
>  use futures::future::FutureExt;
> @@ -25,7 +26,7 @@ use tokio_stream::StreamExt;
>
>  use proxmox_http::client::HttpsConnector;
>  use proxmox_http::websocket::{OpCode, WebSocket, WebSocketReader, WebSocketWriter};
> -use proxmox_http::Body;
> +use proxmox_http::{Body, Fingerprint, SslVerifyError};
>
>  #[derive(Serialize, Deserialize, Debug)]
>  #[serde(rename_all = "kebab-case")]
> @@ -141,49 +142,44 @@ impl CtrlTunnel {

-->8 snip 8<--
>              headers.insert(name, value);
> +                move |valid, ctx| match proxmox_http::openssl_verify_callback(
> +                    valid,
> +                    ctx,
> +                    fingerprint.clone(),
> +                ) {
> +                    Ok(()) => true,
> +                    Err(err) => {
> +                        match err {
> +                            SslVerifyError::NoCertificate => {
> +                                eprintln!("SSL context lacks current certificate");
> +                            }

similar to the nit in 6/8. though this is imo already better, but i'd
personally would like to avoid the word "context".

-->8 snip 8<--




  reply	other threads:[~2026-07-01 13:36 UTC|newest]

Thread overview: 13+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2026-07-01 10:30 [PATCH proxmox{,-backup,-websocket-tunnel} v4 0/8] unify openssl callback logic Dominik Csapak
2026-07-01 10:30 ` [PATCH proxmox v4 1/8] http: factor out openssl verification callback Dominik Csapak
2026-07-01 10:30 ` [PATCH proxmox v4 2/8] http: tls: use legacy behavior when PROXMOX_OLD_TLS_CHECK is set to "1" Dominik Csapak
2026-07-01 13:36   ` Shannon Sterz
2026-07-01 10:30 ` [PATCH proxmox v4 3/8] http: tls: add warning if old check behavior is enabled and triggered Dominik Csapak
2026-07-01 10:30 ` [PATCH proxmox v4 4/8] http: tls: add integration tests for openssl verify callbacks Dominik Csapak
2026-07-01 10:30 ` [PATCH proxmox v4 5/8] client: use proxmox-http's openssl verification callback Dominik Csapak
2026-07-01 10:30 ` [PATCH proxmox-backup v4 6/8] pbs-client: use proxmox-https openssl callback Dominik Csapak
2026-07-01 13:36   ` Shannon Sterz
2026-07-01 10:30 ` [PATCH proxmox-backup v4 7/8] pbs-client: honor already verified fingerprint Dominik Csapak
2026-07-01 10:30 ` [PATCH proxmox-websocket-tunnel v4 8/8] use proxmox-http's openssl callback Dominik Csapak
2026-07-01 13:35   ` Shannon Sterz [this message]
2026-07-01 13:35 ` [PATCH proxmox{,-backup,-websocket-tunnel} v4 0/8] unify openssl callback logic Shannon Sterz

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=DJN9W6MUGURW.3HVUT8F04NPTZ@proxmox.com \
    --to=s.sterz@proxmox.com \
    --cc=d.csapak@proxmox.com \
    --cc=pbs-devel@lists.proxmox.com \
    --cc=pve-devel@lists.proxmox.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox
Service provided by Proxmox Server Solutions GmbH | Privacy | Legal