@@ -282,9 +282,15 @@ impl CertificateCache {
282282 revoked_certs
283283 }
284284
285- pub async fn update_certificates_mut ( & mut self ) -> Result < CertificateCacheUpdate , SamplyBeamError > {
285+ pub async fn update_certificates_mut (
286+ & mut self ,
287+ ) -> Result < CertificateCacheUpdate , SamplyBeamError > {
286288 debug ! ( "Updating certificates via network ..." ) ;
287- let certificate_list = CERT_GETTER . get ( ) . unwrap ( ) . certificate_list_via_network ( ) . await ?;
289+ let certificate_list = CERT_GETTER
290+ . get ( )
291+ . unwrap ( )
292+ . certificate_list_via_network ( )
293+ . await ?;
288294 let certificate_revocation_list = CERT_GETTER . get ( ) . unwrap ( ) . get_crl ( ) . await ?;
289295 // Check if any of the certs in the cache have been revoked
290296 let mut revoked_certs = certificate_revocation_list
@@ -303,32 +309,28 @@ impl CertificateCache {
303309 ) ;
304310
305311 let mut new_count = 0 ;
306- //TODO Check for validity
307- for serial in new_certificate_serials {
312+ let cert_getter = CERT_GETTER . get ( ) . unwrap ( ) ;
313+ let cert_pems = new_certificate_serials
314+ . iter ( )
315+ . map ( |s| cert_getter. certificate_by_serial_as_pem ( s) )
316+ . collect :: < futures:: future:: JoinAll < _ > > ( )
317+ . await ;
318+ for ( serial, cert_pem) in new_certificate_serials. into_iter ( ) . zip ( cert_pems) {
308319 debug ! ( "Checking certificate with serial {serial}" ) ;
309320
310- let certificate = CERT_GETTER
311- . get ( )
312- . unwrap ( )
313- . certificate_by_serial_as_pem ( serial)
314- . await ;
315- if let Err ( e) = certificate {
316- match e {
317- SamplyBeamError :: CertificateError ( err) => {
318- debug ! ( "Will skip invalid certificate {serial} from now on." ) ;
319- self . serial_to_x509
320- . insert ( serial. clone ( ) , CertificateCacheEntry :: Invalid ( err) ) ;
321- }
322- other_error => {
323- warn ! (
324- "Could not retrieve certificate for serial {serial}: {}" ,
325- other_error
326- ) ;
327- }
328- } ;
329- continue ;
330- }
331- let certificate = certificate. unwrap ( ) ;
321+ let certificate = match cert_pem {
322+ Err ( SamplyBeamError :: CertificateError ( err) ) => {
323+ debug ! ( "Will skip invalid certificate {serial} from now on." ) ;
324+ self . serial_to_x509
325+ . insert ( serial. clone ( ) , CertificateCacheEntry :: Invalid ( err) ) ;
326+ continue ;
327+ } ,
328+ Err ( other_error) => {
329+ warn ! ( "Could not retrieve certificate for serial {serial}: {other_error}" ) ;
330+ continue ;
331+ }
332+ Ok ( cert) => cert,
333+ } ;
332334 let opensslcert = match X509 :: from_pem ( certificate. as_bytes ( ) ) {
333335 Ok ( x) => x,
334336 Err ( err) => {
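Review bot: The `collect::<futures::future::JoinAll<_>>()` in the second hunk starts one `certificate_by_serial_as_pem` request per new serial with no upper bound, so a large batch of new serials reaches the certificate backend all at once. A bounded form keeps result order, so the later `zip` with the serials still lines up: `let cert_pems: Vec<_> = futures::stream::iter(&new_certificate_serials).map(|s| cert_getter.certificate_by_serial_as_pem(s)).buffered(MAX_PARALLEL_FETCHES).collect().await;`, with `futures::StreamExt` in scope and `MAX_PARALLEL_FETCHES` a placeholder for a limit you choose. The same hunk also removes `//TODO Check for validity` while the visible lines add no validity check. Unless validation happens further down the loop, which continues outside the hunk, keep the TODO or replace it with a comment naming where the certificate is verified.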