in rust-query-crlite/src/main.rs [470:508]
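/// Connect to `host` at `addr` over TLS, take the server's end-entity
/// certificate from the presented chain and look it up in the CRLite database.
///
/// One log line is emitted per host, with the level chosen by the resulting
/// [`Status`]. Only `Status::Revoked` yields `CmdResult::SomeRevoked`; every
/// other status maps to `CmdResult::NoneRevoked`, so callers must not read
/// `NoneRevoked` as "positively not revoked" when the status was one of the
/// undecidable ones (`NotCovered`, `NotEnrolled`, `Expired`).
///
/// # Errors
///
/// Returns a `CRLiteDBError` when `host` is not a valid DNS name, the TCP
/// connection or TLS handshake fails, the server presented an empty chain,
/// or the leaf certificate cannot be parsed as DER.
fn query_https_addr(
    db: &CRLiteDB,
    host: &str,
    addr: &SocketAddr,
    tls_config: Arc<rustls::ClientConfig>,
) -> Result<CmdResult, CRLiteDBError> {
    let server_name = rustls::ServerName::try_from(host)
        .map_err(|_| CRLiteDBError::from(format!("invalid DNS name: {}", host)))?;
    // `tls_config` is not used again below, so hand the Arc over instead of
    // cloning it first.
    let mut conn = rustls::ClientConnection::new(tls_config, server_name)
        .map_err(|e| CRLiteDBError::from(format!("{}: tls error: {}", host, e)))?;
    let mut sock = TcpStream::connect(addr)
        .map_err(|e| CRLiteDBError::from(format!("{}: tcp error: {}", host, e)))?;
    let mut tls = rustls::Stream::new(&mut conn, &mut sock);
    // Flushing drives the handshake to completion. Whatever chain validation
    // happens is done by the verifier configured in `tls_config` (not visible
    // here); presumably a rejected chain surfaces as a handshake error at this
    // point rather than being caught by the CRLite lookup below.
    tls.flush()
        .map_err(|e| CRLiteDBError::from(format!("{}: tls error: {}", host, e)))?;
    // TLS requires the sender's own (end-entity) certificate to be first in the
    // chain; that is the one CRLite is queried for. `first()` rather than `[0]`
    // turns an empty chain into an error instead of a panic.
    let leaf = conn
        .peer_certificates()
        .and_then(|certs| certs.first())
        .ok_or_else(|| CRLiteDBError::from("no peer certificates"))?;
    let (_, cert) = X509Certificate::from_der(leaf.as_ref())
        .map_err(|_| CRLiteDBError::from("could not parse certificate"))?;
    debug!("Loaded certificate from {}", host);
    let status = db.query(&cert);
    // Log level tracks how actionable the outcome is: a definitive revocation
    // is an error, a Good answer is informational, everything else is a warning
    // because no revocation decision could be reached.
    match status {
        Status::Expired => warn!("{} {:?}", host, status),
        Status::Good => info!("{} {:?}", host, status),
        Status::NotCovered => warn!("{} {:?}", host, status),
        Status::NotEnrolled => warn!("{} {:?}", host, status),
        Status::Revoked => error!("{} {:?}", host, status),
    }
    // Only a definitive Revoked result is reported as such; the log line above
    // is the only place the distinction between Good and the undecidable
    // statuses survives.
    match status {
        Status::Revoked => Ok(CmdResult::SomeRevoked),
        _ => Ok(CmdResult::NoneRevoked),
    }
}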