From 3404e05baadecd9a228499c8f395e9d49aae22af Mon Sep 17 00:00:00 2001
From: Oussama Teffahi <70609372+oteffahi@users.noreply.github.com>
Date: Wed, 20 Nov 2024 16:53:37 +0100
Subject: [PATCH] Fix config parsing and warning logs for TLS and QUIC links (#1600)
* Fix argument parsing and warning logs for TLS and QUIC links
* Use TLS_ENABLE_MTLS_DEFAULT in ConfigurationInspector
---
 io/zenoh-links/zenoh-link-quic/src/lib.rs | 1 +
 io/zenoh-links/zenoh-link-quic/src/utils.rs | 29 +++++++++------------
 io/zenoh-links/zenoh-link-tls/src/lib.rs | 1 +
 io/zenoh-links/zenoh-link-tls/src/utils.rs | 29 +++++++++------------
 4 files changed, 26 insertions(+), 34 deletions(-)
diff --git a/io/zenoh-links/zenoh-link-quic/src/lib.rs b/io/zenoh-links/zenoh-link-quic/src/lib.rs
index 0e9491528..70bf00d1e 100644
--- a/io/zenoh-links/zenoh-link-quic/src/lib.rs
+++ b/io/zenoh-links/zenoh-link-quic/src/lib.rs
@@ -109,6 +109,7 @@ pub mod config {
 pub const TLS_CONNECT_CERTIFICATE_BASE64: &str = "connect_certificate_base64";
 pub const TLS_ENABLE_MTLS: &str = "enable_mtls";
+ pub const TLS_ENABLE_MTLS_DEFAULT: bool = false;
 pub const TLS_VERIFY_NAME_ON_CONNECT: &str = "verify_name_on_connect";
 pub const TLS_VERIFY_NAME_ON_CONNECT_DEFAULT: bool = true;
diff --git a/io/zenoh-links/zenoh-link-quic/src/utils.rs b/io/zenoh-links/zenoh-link-quic/src/utils.rs
index 3a7c0b26a..c00fb8e3d 100644
--- a/io/zenoh-links/zenoh-link-quic/src/utils.rs
+++ b/io/zenoh-links/zenoh-link-quic/src/utils.rs
@@ -94,11 +94,9 @@ impl ConfigurationInspector for TlsConfigurator {
 _ => {}
 }
- if let Some(client_auth) = c.enable_mtls() {
- match client_auth {
- true => ps.push((TLS_ENABLE_MTLS, "true")),
- false => ps.push((TLS_ENABLE_MTLS, "false")),
- };
+ match c.enable_mtls().unwrap_or(TLS_ENABLE_MTLS_DEFAULT) {
+ true => ps.push((TLS_ENABLE_MTLS, "true")),
+ false => ps.push((TLS_ENABLE_MTLS, "false")),
 }
 match (c.connect_private_key(), c.connect_private_key_base64()) {
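Review bot: The new `match` pushes `(TLS_ENABLE_MTLS, "false")` even when the zenoh config leaves `enable_mtls` unset, where the removed `if let` pushed nothing; if these pairs are later merged with per-endpoint locator parameters (that merge is outside this hunk), confirm that an explicit per-endpoint `enable_mtls=true` still wins over this synthesized default rather than being shadowed by it. A two-arm `match` on a `bool` that only selects a string literal reads more directly as `ps.push((TLS_ENABLE_MTLS, if c.enable_mtls().unwrap_or(TLS_ENABLE_MTLS_DEFAULT) { "true" } else { "false" }));`. A short why-comment would help the next reader too: `// Always emit the key so endpoint parsing sees the same default as the server/client config constructors.` The enclosing method starts before and ends after the hunk.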
@@ -164,7 +162,7 @@ impl TlsServerConfig {
 Some(s) => s
 .parse()
 .map_err(|_| zerror!("Unknown enable mTLS argument: {}", s))?,
- None => false,
+ None => TLS_ENABLE_MTLS_DEFAULT,
 };
 let tls_close_link_on_expiration: bool = match config.get(TLS_CLOSE_LINK_ON_EXPIRATION) {
 Some(s) => s
@@ -268,21 +266,18 @@ impl TlsClientConfig {
 Some(s) => s
 .parse()
 .map_err(|_| zerror!("Unknown enable mTLS argument: {}", s))?,
- None => false,
+ None => TLS_ENABLE_MTLS_DEFAULT,
 };
 let tls_server_name_verification: bool = match config.get(TLS_VERIFY_NAME_ON_CONNECT) {
- Some(s) => {
- let s: bool = s
- .parse()
- .map_err(|_| zerror!("Unknown server name verification argument: {}", s))?;
- if s {
- tracing::warn!("Skipping name verification of servers");
- }
- s
- }
- None => false,
+ Some(s) => s
+ .parse()
+ .map_err(|_| zerror!("Unknown server name verification argument: {}", s))?,
+ None => TLS_VERIFY_NAME_ON_CONNECT_DEFAULT,
 };
+ if !tls_server_name_verification {
+ tracing::warn!("Skipping name verification of QUIC server");
+ }
 let tls_close_link_on_expiration: bool = match config.get(TLS_CLOSE_LINK_ON_EXPIRATION) {
 Some(s) => s
diff --git a/io/zenoh-links/zenoh-link-tls/src/lib.rs b/io/zenoh-links/zenoh-link-tls/src/lib.rs
index 4710cfd33..c82d31a8f 100644
--- a/io/zenoh-links/zenoh-link-tls/src/lib.rs
+++ b/io/zenoh-links/zenoh-link-tls/src/lib.rs
@@ -105,6 +105,7 @@ pub mod config {
 pub const TLS_CONNECT_CERTIFICATE_BASE64: &str = "connect_certificate_base64";
 pub const TLS_ENABLE_MTLS: &str = "enable_mtls";
+ pub const TLS_ENABLE_MTLS_DEFAULT: bool = false;
 pub const TLS_VERIFY_NAME_ON_CONNECT: &str = "verify_name_on_connect";
 pub const TLS_VERIFY_NAME_ON_CONNECT_DEFAULT: bool = true;
diff --git a/io/zenoh-links/zenoh-link-tls/src/utils.rs b/io/zenoh-links/zenoh-link-tls/src/utils.rs
index 8f8f76602..74e7cc9e5 100644
--- a/io/zenoh-links/zenoh-link-tls/src/utils.rs
+++ b/io/zenoh-links/zenoh-link-tls/src/utils.rs
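Review bot: `None => TLS_VERIFY_NAME_ON_CONNECT_DEFAULT` flips the effective default for clients that never set `verify_name_on_connect` from off to on, so a connection to a server whose certificate does not match the dialed name will now be refused where it previously (insecurely) went through; that deserves a why-comment above the `match`, e.g. `// Name verification is on unless the endpoint explicitly opts out; the old implicit false contradicted TLS_VERIFY_NAME_ON_CONNECT_DEFAULT.`, plus a release-note entry. The relocated `tracing::warn!` now fires on the correct branch, but it names no endpoint; if the locator is reachable in the enclosing `impl TlsClientConfig` constructor (its signature is outside the hunk), include it so an opt-out can be traced to a specific configuration. Keep the strict `s.parse::<bool>()`: it accepts only the literal `true`/`false`, so a value like `verify_name_on_connect=no` fails with the zerror instead of silently picking a default.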
@@ -97,11 +97,9 @@ impl ConfigurationInspector for TlsConfigurator {
 _ => {}
 }
- if let Some(client_auth) = c.enable_mtls() {
- match client_auth {
- true => ps.push((TLS_ENABLE_MTLS, "true")),
- false => ps.push((TLS_ENABLE_MTLS, "false")),
- };
+ match c.enable_mtls().unwrap_or(TLS_ENABLE_MTLS_DEFAULT) {
+ true => ps.push((TLS_ENABLE_MTLS, "true")),
+ false => ps.push((TLS_ENABLE_MTLS, "false")),
 }
 match (c.connect_private_key(), c.connect_private_key_base64()) {
@@ -168,7 +166,7 @@ impl TlsServerConfig {
 Some(s) => s
 .parse()
 .map_err(|_| zerror!("Unknown enable mTLS argument: {}", s))?,
- None => false,
+ None => TLS_ENABLE_MTLS_DEFAULT,
 };
 let tls_close_link_on_expiration: bool = match config.get(TLS_CLOSE_LINK_ON_EXPIRATION) {
 Some(s) => s
@@ -282,21 +280,18 @@ impl TlsClientConfig {
 Some(s) => s
 .parse()
 .map_err(|_| zerror!("Unknown enable mTLS auth argument: {}", s))?,
- None => false,
+ None => TLS_ENABLE_MTLS_DEFAULT,
 };
 let tls_server_name_verification: bool = match config.get(TLS_VERIFY_NAME_ON_CONNECT) {
- Some(s) => {
- let s: bool = s
- .parse()
- .map_err(|_| zerror!("Unknown server name verification argument: {}", s))?;
- if s {
- tracing::warn!("Skipping name verification of servers");
- }
- s
- }
- None => false,
+ Some(s) => s
+ .parse()
+ .map_err(|_| zerror!("Unknown server name verification argument: {}", s))?,
+ None => TLS_VERIFY_NAME_ON_CONNECT_DEFAULT,
 };
+ if !tls_server_name_verification {
+ tracing::warn!("Skipping name verification of TLS server");
+ }
 let tls_close_link_on_expiration: bool = match config.get(TLS_CLOSE_LINK_ON_EXPIRATION) {
 Some(s) => s
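Review bot: Unconditionally pushing the `enable_mtls` default changes the inspector's output from "key absent" to an explicit `"false"` whenever the zenoh config omits it; please confirm in the code that consumes `ps` (outside this hunk) that a per-endpoint `enable_mtls=true` given in a locator is not overridden by this synthesized global default. The bool-to-string `match` collapses to one line: `ps.push((TLS_ENABLE_MTLS, if c.enable_mtls().unwrap_or(TLS_ENABLE_MTLS_DEFAULT) { "true" } else { "false" }));`. The enclosing method starts before and ends after the hunk.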
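Review bot: This hunk is a line-for-line twin of the QUIC client hunk apart from the log text (and the already-divergent `"Unknown enable mTLS auth argument"` wording), and the inverted warning it fixes shipped in both copies precisely because the option parsing is duplicated; a shared helper along the lines of `fn parse_bool_option(config, key: &str, default: bool)` returning the same error type the `zerror!` arms produce would make the next default change land in one place. The new `tracing::warn!("Skipping name verification of TLS server")` is on the correct branch now, but a why-comment above the `match` would record the intent: `// Defaults to TLS_VERIFY_NAME_ON_CONNECT_DEFAULT (true); opting out presumably accepts any certificate the root store trusts for any name, hence the warning.` The constructor's signature and the code that feeds `tls_server_name_verification` into the verifier are outside the hunk, so I cannot confirm what `false` actually installs.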