From f6e6e15ebfce47782fa6b18c61f4b30c743386b9 Mon Sep 17 00:00:00 2001
From: "glm-5.1"
Date: Fri, 12 Jun 2026 14:29:48 +0000
Subject: [PATCH] feat(fix/tls-mode-wildcard-mismatch): remove unreachable TlsMode wildcard arm and add count mismatch check

Removed #[non_exhaustive] from TlsMode and the wildcard _ arm in the match tls_mode block in main.rs. Since setup_tls already rejects unknown modes with bail!, the wildcard was unreachable dead code. Removing it ensures the compiler catches future TlsMode variant additions. Added defense-in-depth count mismatch check after the acceptor loop to catch any silent listener/acceptor mismatch from zip truncation.
---
 src/main.rs | 14 ++++++++------
 src/tls/acceptor.rs | 1 -
 2 files changed, 8 insertions(+), 7 deletions(-)

diff --git a/src/main.rs b/src/main.rs
index 86c0e5e..173adad 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -184,15 +184,17 @@ async fn run_server(loaded_config: cli::LoadedConfig, config_path: &str) -> Resu
 "ACME TLS configured"
 );
 }
- _ => {
- warn!(
- addr = %listener_config.bind_addr,
- "unsupported TLS mode"
- );
- }
 }
 }
 
+ if bound_listeners.len() != tls_acceptors.len() {
+ anyhow::bail!(
+ "listener/acceptor count mismatch: {} listeners, {} acceptors",
+ bound_listeners.len(),
+ tls_acceptors.len()
+ );
+ }
+
 let _eviction_handle = start_eviction_task(
 rate_limiter.clone(),
 std::time::Duration::from_secs(60),
diff --git a/src/tls/acceptor.rs b/src/tls/acceptor.rs
index ad1fc3c..3c57d40 100644
--- a/src/tls/acceptor.rs
+++ b/src/tls/acceptor.rs
@@ -31,7 +31,6 @@ fn build_acme_server_config(
 }
 
 #[derive(Debug)]
-#[non_exhaustive]
 pub enum TlsMode {
 Manual(Arc),
 Acme {
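Review bot: In src/main.rs, the added `bound_listeners.len() != tls_acceptors.len()` guard proves only that the two vectors have the same length, not that acceptor i was built from the same `listener_config` as listener i. If a later change makes one arm push no acceptor and another push two, the lengths still match and a socket could be paired with a TLS configuration meant for a different bind address. Since index pairing is the real invariant, I would push the listener and its acceptor together inside the loop, or at minimum document it above the check: `// Invariant: tls_acceptors[i] was built from the listener_config of bound_listeners[i]; the later zip depends on it.` Including the bind addresses in the `bail!` message would also make a startup failure diagnosable. The loop and the zip are outside this hunk, so the pairing is inferred from the commit message.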