Fail TLS listener gracefully

Author: Redrield

server/src/server.rs

@@ -62,7 +62,13 @@ async fn tcp_loop(state: Arc<Mutex<NTServer>>, tx: Sender<ServerMessage>) -> any
 
 async fn tls_loop(state: Arc<Mutex<NTServer>>, tx: Sender<ServerMessage>) -> anyhow::Result<()> {
     let listener = TcpListener::bind("0.0.0.0:5811").await?;
-    let acceptor = generate_acceptor();
+    let acceptor = match generate_acceptor() {
+        Ok(acceptor) => acceptor,
+        Err(e) => {
+            log::error!("Unable to initialize TLS port: {}", e);
+            return Ok(());
+        }
+    };
 
     while let Ok((sock, addr)) = listener.accept().await {
         log::info!("Secure TCP connection at {}", addr);

server/src/server/tls.rs

@@ -3,24 +3,24 @@ use rustls::{PrivateKey, Certificate, ServerConfig, NoClientAuth};
 use std::io::BufReader;
 use std::fs::File;
 use async_tls::TlsAcceptor;
+use anyhow::Result;
 
-fn load_key() -> Vec<PrivateKey> {
-    pkcs8_private_keys(&mut BufReader::new(File::open("./NT4.key").unwrap()))
-        .unwrap()
+fn load_key() -> Result<Vec<PrivateKey>> {
+    pkcs8_private_keys(&mut BufReader::new(File::open("./NT4.key")?))
+        .map_err(|_| anyhow::anyhow!("Unable to decode PKCS8 private key"))
 }
 
-fn load_cert() -> Vec<Certificate> {
-    certs(&mut BufReader::new(File::open("./NT4.crt.sgn").unwrap()))
-        .unwrap()
+fn load_cert() -> Result<Vec<Certificate>> {
+    certs(&mut BufReader::new(File::open("./NT4.crt.sgn")?))
+        .map_err(|_| anyhow::anyhow!("Unable to decode certificate"))
 }
 
-pub fn generate_acceptor() -> TlsAcceptor {
-    let mut keys = load_key();
-    let cert = load_cert();
+pub fn generate_acceptor() -> Result<TlsAcceptor> {
+    let mut keys = load_key()?;
+    let cert = load_cert()?;
 
     let mut config = ServerConfig::new(NoClientAuth::new());
-    config.set_single_cert(cert, keys.remove(0))
-        .unwrap();
+    config.set_single_cert(cert, keys.remove(0))?;
 
-    TlsAcceptor::from(config)
-}
+    Ok(TlsAcceptor::from(config))
+}