Date: Wed, 01 Jul 2026 15:35:51 +0200
Subject: Re: [PATCH proxmox-websocket-tunnel v4 8/8] use proxmox-http's openssl callback
To: "Dominik Csapak"
From: "Shannon Sterz"
List-Id: Proxmox VE development discussion

On Wed Jul 1, 2026 at 12:30 PM CEST, Dominik Csapak wrote:
> no functional change intended, since the callback there should implement > the same behavior. > > With this change, we can now drop the hex and itertools dependency. > > Signed-off-by: Dominik Csapak > --- > Cargo.toml | 4 +-- > src/main.rs | 76 +++++++++++++++++++++++++---------------------------- > 2 files changed, 37 insertions(+), 43 deletions(-) > > diff --git a/Cargo.toml b/Cargo.toml > index 02ac3d1..7b5ced6 100644 > --- a/Cargo.toml > +++ b/Cargo.toml > @@ -13,11 +13,9 @@ anyhow =3D "1.0" > proxmox-base64 =3D "1" > futures =3D "0.3" > futures-util =3D "0.3" > -hex =3D "0.4" > http =3D "1" > hyper =3D "1" > hyper-util =3D "0.1" > -itertools =3D "0.13" > openssl =3D "0.10" > percent-encoding =3D "2" > serde =3D { version =3D "1.0", features =3D ["derive"] } 
> @@ -26,5 +24,5 @@ tokio =3D { version =3D "1", features =3D ["io-std", "i= o-util", "macros", "rt-multi-th > tokio-stream =3D { version =3D "0.1", features =3D ["io-util"] } > tokio-util =3D "0.7" > > -proxmox-http =3D { version =3D "1", features =3D ["websocket", "client"]= } > +proxmox-http =3D { version =3D "1", features =3D ["websocket", "client",= "tls"] } > proxmox-sys =3D "1" > diff --git a/src/main.rs b/src/main.rs > index 6d86575..b79528e 100644 > --- a/src/main.rs > +++ b/src/main.rs > @@ -1,6 +1,7 @@ > use anyhow::{bail, format_err, Error}; > > use std::collections::VecDeque; > +use std::str::FromStr; > use std::sync::Arc; > > use futures::future::FutureExt; > @@ -25,7 +26,7 @@ use tokio_stream::StreamExt; > > use proxmox_http::client::HttpsConnector; > use proxmox_http::websocket::{OpCode, WebSocket, WebSocketReader, WebSoc= ketWriter}; > -use proxmox_http::Body; > +use proxmox_http::{Body, Fingerprint, SslVerifyError}; > > #[derive(Serialize, Deserialize, Debug)] > #[serde(rename_all =3D "kebab-case")] > @@ -141,49 +142,44 @@ impl CtrlTunnel { -->8 snip 8<-- > headers.insert(name, value); > + move |valid, ctx| match proxmox_http::openssl_verify_cal= lback( > + valid, > + ctx, > + fingerprint.clone(), > + ) { > + Ok(()) =3D> true, > + Err(err) =3D> { > + match err { > + SslVerifyError::NoCertificate =3D> { > + eprintln!("SSL context lacks current cer= tificate"); > + }

similar to the nit in 6/8. though this is imo already better, but i'd personally like to avoid the word "context".

-->8 snip 8<--
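
Review bot: In the second Cargo.toml hunk (@@ -26,5), the "tls" feature newly enabled on proxmox-http is not mentioned in the commit message, which only names the dropped hex and itertools dependencies. Please add a line to the message saying what the feature is needed for, so the dependency change can be reviewed against the code change it belongs to.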
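
Review bot: In the src/main.rs hunk at @@ -141,49, the Err(err) arm of the verify closure must evaluate to false for every SslVerifyError variant, and the quoted lines show only the logging for NoCertificate, not the arm's value. End the arm with a single `false` after the inner `match err`, and list the variants without a `_` arm so that a variant added later has to be handled here explicitly. Since the commit message says only that the shared callback "should implement the same behavior", a short note there on how the fingerprint-mismatch and no-fingerprint cases were compared with the removed code would help.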