diff --git a/sqlx-core/src/net/tls/mod.rs b/sqlx-core/src/net/tls/mod.rs
index 9894c78f01..4eab774ff2 100644
--- a/sqlx-core/src/net/tls/mod.rs
+++ b/sqlx-core/src/net/tls/mod.rs
@@ -138,14 +138,14 @@ async fn configure_tls_connector(
 builder.add_root_certificate(cert);
 }
+ }
- // authentication using user's key-file and its associated certificate
- if let (Some(cert_path), Some(key_path)) = (client_cert_path, client_key_path) {
- let cert_path = cert_path.data().await?;
- let key_path = key_path.data().await?;
- let identity = Identity::from_pkcs8(&cert_path, &key_path)?;
- builder.identity(identity);
- }
+ // authentication using user's key-file and its associated certificate
+ if let (Some(cert_path), Some(key_path)) = (client_cert_path, client_key_path) {
+ let cert_path = cert_path.data().await?;
+ let key_path = key_path.data().await?;
+ let identity = Identity::from_pkcs8(&cert_path, &key_path)?;
+ builder.identity(identity);
 }
 #[cfg(not(feature = "_rt-async-std"))]
diff --git a/sqlx-core/src/net/tls/rustls.rs b/sqlx-core/src/net/tls/rustls.rs
index 136937f6bb..7459318e75 100644
--- a/sqlx-core/src/net/tls/rustls.rs
+++ b/sqlx-core/src/net/tls/rustls.rs
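Review bot: In `sqlx-core/src/net/tls/mod.rs`, the relocated `if let (Some(cert_path), Some(key_path))` block still does nothing when only one of the client certificate and key is supplied, so a half-configured client identity is silently dropped and the connection goes ahead without client authentication. The rustls backend in this same commit rejects that case with `Error::Configuration("user auth key and certs must be given together")`, and the native-tls path should agree with it. One way is to append `else if client_cert_path.is_some() || client_key_path.is_some() { return Err(Error::Configuration("user auth key and certs must be given together".into())); }` to the block, assuming `Error` is in scope in this file as it is in rustls.rs. `configure_tls_connector` starts and ends outside the hunk.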
@@ -16,12 +16,34 @@ pub async fn configure_tls_connector(
 client_cert_path: Option<&CertificateInput>,
 client_key_path: Option<&CertificateInput>,
 ) -> Result {
- let mut config = ClientConfig::builder().with_safe_defaults();
+ let config = ClientConfig::builder().with_safe_defaults();
+
+ // authentication using user's key and its associated certificate
+ let user_auth = match (client_cert_path, client_key_path) {
+ (Some(cert_path), Some(key_path)) => {
+ let cert_chain = certs_from_pem(cert_path.data().await?)?;
+ let key_der = private_key_from_pem(key_path.data().await?)?;
+ Some((cert_chain, key_der))
+ }
+ (None, None) => None,
+ (_, _) => {
+ return Err(Error::Configuration(
+ "user auth key and certs must be given together".into(),
+ ))
+ }
+ };
 let config = if accept_invalid_certs {
- config
- .with_custom_certificate_verifier(Arc::new(DummyTlsVerifier))
- .with_no_client_auth()
+ if let Some(user_auth) = user_auth {
+ config
+ .with_custom_certificate_verifier(Arc::new(DummyTlsVerifier))
+ .with_single_cert(user_auth.0, user_auth.1)
+ .map_err(|err| Error::Tls(err.into()))?
+ } else {
+ config
+ .with_custom_certificate_verifier(Arc::new(DummyTlsVerifier))
+ .with_no_client_auth()
+ }
 } else {
 let mut cert_store = RootCertStore::empty();
 cert_store.add_server_trust_anchors(webpki_roots::TLS_SERVER_ROOTS.0.iter().map(|ta| {
@@ -45,21 +67,6 @@ pub async fn configure_tls_connector(
 }
 }
- // authentication using user's key and its associated certificate
- let user_auth = match (client_cert_path, client_key_path) {
- (Some(cert_path), Some(key_path)) => {
- let cert_chain = certs_from_pem(cert_path.data().await?)?;
- let key_der = private_key_from_pem(key_path.data().await?)?;
- Some((cert_chain, key_der))
- }
- (None, None) => None,
- (_, _) => {
- return Err(Error::Configuration(
- "user auth key and certs must be given together".into(),
- ))
- }
- };
-
 if accept_invalid_hostnames {
 let verifier = WebPkiVerifier::new(cert_store, None);
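Review bot: The new `accept_invalid_certs` arm in the `-16,12 +16,34` hunk presents the client certificate chain to a peer whose certificate is never checked (`DummyTlsVerifier`), and nothing at that spot says so. A short comment there would keep the trade-off visible to whoever next touches TLS setup. The arm also repeats the `.with_custom_certificate_verifier(Arc::new(DummyTlsVerifier))` chain twice and reaches into `user_auth.0` / `user_auth.1`. Building the unverified builder once and matching on `user_auth` with named bindings behaves the same and reads more clearly. The function continues outside the hunk, and the later `-45,21 +67,6` hunk only removes the old copy of the `user_auth` block.

```rust
let config = if accept_invalid_certs {
    // Server identity is NOT verified in this branch: a client certificate
    // only authenticates us to whichever peer answers the connection.
    let unverified = config.with_custom_certificate_verifier(Arc::new(DummyTlsVerifier));

    match user_auth {
        Some((cert_chain, key_der)) => unverified
            .with_single_cert(cert_chain, key_der)
            .map_err(|err| Error::Tls(err.into()))?,
        None => unverified.with_no_client_auth(),
    }
} else {
    // … unchanged: root store setup and the verifying branches …
```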
diff --git a/sqlx-core/src/sqlite/statement/handle.rs b/sqlx-core/src/sqlite/statement/handle.rs
index af53c07906..f2d0a41b3e 100644
--- a/sqlx-core/src/sqlite/statement/handle.rs
+++ b/sqlx-core/src/sqlite/statement/handle.rs
@@ -385,10 +385,11 @@ impl Notify {
 }
 fn wait(&self) {
- let _ = self
- .condvar
- .wait_while(self.mutex.lock().unwrap(), |fired| !*fired)
- .unwrap();
+ drop(
+ self.condvar
+ .wait_while(self.mutex.lock().unwrap(), |fired| !*fired)
+ .unwrap(),
+ );
 }
 fn fire(&self) {
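Review bot: `wait` still calls `.unwrap()` on both `self.mutex.lock()` and the `wait_while(...)` result, so a poisoned mutex (a panic elsewhere while the lock was held) becomes a second panic in the waiting thread. The guarded value appears to be a plain `bool`, so if panicking is not the intent, `unwrap_or_else(|e| e.into_inner())` on both calls would recover safely. Either way, a one-line comment on the `drop(...)` such as `// only the wake-up matters; release the guard immediately` would explain why the guard is discarded. `impl Notify` starts outside the hunk and `fire` continues past it.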