Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
resolver: err for dns-over-rustls w/o roots
If we find that we've constructed a Rustls root cert store that has no trust anchors, return an early error. This makes the problem obvious and avoids surfacing some other less specific error cause when we first try to validate a peer certificate with an empty root store. In order for our new early error to be surfaced correctly the `name_sever_pool.rs` `parallel_conn_loop` fn needs its error handling adjusted. Previously it would always compare the new error produced by trying to build the TLS config against the default error it starts its loop with, `ProtoErrorKind::NoConnections`. Since the error being returned is another `ProtoErrorKind`, and the error specificity comparison considers two `ProtoErrorKinds` equivalent in the general case, the default error was always returned and the new error thrown away.
- Loading branch information