fix(core): gate RawKey TLS helpers on quinn+iroh for clean iroh-only builds (task: core/review-core)

The RawKeyCertResolver, Ed25519SigningKey, and std::path::Path imports
were gated on #[cfg(feature = "iroh")] but are only used in the quinn
TLS server-config path (build_rustls_server_config RawKey arm). With
iroh-only builds (--no-default-features --features iroh), these became
dead code and triggered clippy -D warnings failures.

Re-gated to #[cfg(all(feature = "quinn", feature = "iroh"))] so they
only compile when both features are active (the combination that
actually uses raw-key TLS via quinn). std::path::Path is now
#[cfg(feature = "quinn")] since it is only used by quinn's
load_cert_chain/load_private_key helpers.

Verified: cargo clippy passes with -D warnings across all four feature
combinations (none, quinn, iroh, quinn+iroh). cargo test --all-features
passes 55 tests. cargo fmt --check clean.
This commit is contained in:
2026-06-23 15:31:42 +00:00
parent 60556bbe0c
commit 4774364c72

View File

@@ -6,7 +6,7 @@ use std::collections::HashMap;
use std::io;
#[cfg(any(feature = "quinn", feature = "iroh"))]
use std::net::SocketAddr;
#[cfg(any(feature = "quinn", feature = "iroh"))]
#[cfg(feature = "quinn")]
use std::path::Path;
use std::sync::Arc;
#[cfg(any(feature = "quinn", feature = "iroh"))]
@@ -562,12 +562,12 @@ fn generate_self_signed_cert() -> Result<SelfSignedCert, EndpointError> {
})
}
#[cfg(feature = "iroh")]
#[cfg(all(feature = "quinn", feature = "iroh"))]
struct RawKeyCertResolver {
key: Arc<rustls::sign::CertifiedKey>,
}
#[cfg(feature = "iroh")]
#[cfg(all(feature = "quinn", feature = "iroh"))]
impl RawKeyCertResolver {
fn new(secret_key: &iroh::SecretKey) -> Self {
let signing_key = Arc::new(Ed25519SigningKey::new(secret_key.clone()));
@@ -580,7 +580,7 @@ impl RawKeyCertResolver {
}
}
#[cfg(feature = "iroh")]
#[cfg(all(feature = "quinn", feature = "iroh"))]
impl rustls::server::ResolvesServerCert for RawKeyCertResolver {
fn resolve(
&self,
@@ -594,27 +594,27 @@ impl rustls::server::ResolvesServerCert for RawKeyCertResolver {
}
}
#[cfg(feature = "iroh")]
#[cfg(all(feature = "quinn", feature = "iroh"))]
impl std::fmt::Debug for RawKeyCertResolver {
fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
f.debug_struct("RawKeyCertResolver").finish()
}
}
#[cfg(feature = "iroh")]
#[cfg(all(feature = "quinn", feature = "iroh"))]
#[derive(Clone)]
struct Ed25519SigningKey {
key: iroh::SecretKey,
}
#[cfg(feature = "iroh")]
#[cfg(all(feature = "quinn", feature = "iroh"))]
impl std::fmt::Debug for Ed25519SigningKey {
fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
f.debug_struct("Ed25519SigningKey").finish()
}
}
#[cfg(feature = "iroh")]
#[cfg(all(feature = "quinn", feature = "iroh"))]
impl Ed25519SigningKey {
fn new(key: iroh::SecretKey) -> Self {
Self { key }
@@ -628,7 +628,7 @@ impl Ed25519SigningKey {
}
}
#[cfg(feature = "iroh")]
#[cfg(all(feature = "quinn", feature = "iroh"))]
impl rustls::sign::SigningKey for Ed25519SigningKey {
fn choose_scheme(
&self,
@@ -650,7 +650,7 @@ impl rustls::sign::SigningKey for Ed25519SigningKey {
}
}
#[cfg(feature = "iroh")]
#[cfg(all(feature = "quinn", feature = "iroh"))]
impl rustls::sign::Signer for Ed25519SigningKey {
fn sign(&self, message: &[u8]) -> Result<Vec<u8>, rustls::Error> {
Ok(self.key.sign(message).to_bytes().to_vec())
@@ -823,7 +823,7 @@ mod tests {
assert!(auth.tls_client_fingerprint.is_some());
}
#[cfg(feature = "iroh")]
#[cfg(all(feature = "quinn", feature = "iroh"))]
#[test]
fn raw_key_cert_resolver_only_raw_public_keys() {
use rustls::server::ResolvesServerCert;