feat: client verifies server's TLS certificate by default

Configuration setting can disable it.

7 files changed, 11 insertions, 9 deletions

diff --git a/src/backup_run.rs b/src/backup_run.rs
index ae3731d..05d5988 100644
--- a/src/backup_run.rs
+++ b/src/backup_run.rs
@@ -31,7 +31,7 @@ pub type BackupResult<T> = Result<T, BackupError>;
 
 impl BackupRun {
     pub fn new(config: &ClientConfig, buffer_size: usize) -> BackupResult<Self> {
-        let client = BackupClient::new(&config.server_url)?;
+        let client = BackupClient::new(config)?;
         let policy = BackupPolicy::new();
         let progress = BackupProgress::new();
         Ok(Self {
diff --git a/src/client.rs b/src/client.rs
index 3d3b2a5..7cd6df7 100644
--- a/src/client.rs
+++ b/src/client.rs
@@ -20,6 +20,7 @@ use std::path::{Path, PathBuf};
 #[derive(Debug, Serialize, Deserialize, Clone)]
 pub struct ClientConfig {
     pub server_url: String,
+    pub verify_tls_cert: bool,
     pub root: PathBuf,
     pub log: Option<PathBuf>,
 }
@@ -105,13 +106,14 @@ pub struct BackupClient {
 }
 
 impl BackupClient {
-    pub fn new(base_url: &str) -> ClientResult<Self> {
+    pub fn new(config: &ClientConfig) -> ClientResult<Self> {
+        info!("creating backup client with config: {:#?}", config);
         let client = Client::builder()
-            .danger_accept_invalid_certs(true)
+            .danger_accept_invalid_certs(!config.verify_tls_cert)
             .build()?;
         Ok(Self {
             client,
-            base_url: base_url.to_string(),
+            base_url: config.server_url.to_string(),
         })
     }
 
diff --git a/src/cmd/get_chunk.rs b/src/cmd/get_chunk.rs
index c1d7590..385c4d5 100644
--- a/src/cmd/get_chunk.rs
+++ b/src/cmd/get_chunk.rs
@@ -5,7 +5,7 @@ use crate::error::ObnamError;
 use std::io::{stdout, Write};
 
 pub fn get_chunk(config: &ClientConfig, chunk_id: &str) -> Result<(), ObnamError> {
-    let client = BackupClient::new(&config.server_url)?;
+    let client = BackupClient::new(config)?;
     let chunk_id: ChunkId = chunk_id.parse().unwrap();
     let chunk = client.fetch_chunk(&chunk_id)?;
 
diff --git a/src/cmd/list.rs b/src/cmd/list.rs
index ce19a72..a3f059b 100644
--- a/src/cmd/list.rs
+++ b/src/cmd/list.rs
@@ -2,7 +2,7 @@ use crate::client::{BackupClient, ClientConfig};
 use crate::error::ObnamError;
 
 pub fn list(config: &ClientConfig) -> Result<(), ObnamError> {
-    let client = BackupClient::new(&config.server_url)?;
+    let client = BackupClient::new(config)?;
 
     let generations = client.list_generations()?;
     for finished in generations.iter() {
diff --git a/src/cmd/list_files.rs b/src/cmd/list_files.rs
index b240d5a..38048ec 100644
--- a/src/cmd/list_files.rs
+++ b/src/cmd/list_files.rs
@@ -14,7 +14,7 @@ pub fn list_files(config: &ClientConfig, gen_ref: &str) -> Result<(), ObnamError
         dbname
     };
 
-    let client = BackupClient::new(&config.server_url)?;
+    let client = BackupClient::new(config)?;
 
     let genlist = client.list_generations()?;
     let gen_id: String = genlist.resolve(gen_ref)?;
diff --git a/src/cmd/restore.rs b/src/cmd/restore.rs
index 16d5320..a0f5ec0 100644
--- a/src/cmd/restore.rs
+++ b/src/cmd/restore.rs
@@ -25,7 +25,7 @@ pub fn restore(config: &ClientConfig, gen_ref: &str, to: &Path) -> Result<(), Ob
         dbname
     };
 
-    let client = BackupClient::new(&config.server_url)?;
+    let client = BackupClient::new(config)?;
 
     let genlist = client.list_generations()?;
     let gen_id: String = genlist.resolve(gen_ref)?;
diff --git a/src/cmd/show_gen.rs b/src/cmd/show_gen.rs
index 3dcdbf2..c7a4bdd 100644
--- a/src/cmd/show_gen.rs
+++ b/src/cmd/show_gen.rs
@@ -14,7 +14,7 @@ pub fn show_generation(config: &ClientConfig, gen_ref: &str) -> Result<(), Obnam
         dbname
     };
 
-    let client = BackupClient::new(&config.server_url)?;
+    let client = BackupClient::new(config)?;
 
     let genlist = client.list_generations()?;
     let gen_id: String = genlist.resolve(gen_ref)?;