Add option to make SSL connections to the database

[tankyleo]

Fixes #56

[ldk-reviews-bot]

👋 Thanks for assigning @tnull as a reviewer!
I'll wait for their review and will help manage the review process.
Once they submit their review, I'll check if a second reviewer would be helpful.

[tnull]

Can we add these with default-features = false to ensure we're not pulling in any unnecessary dependencies?

[tnull]

Rather than always using openssl, should we rather use native-tls to account for different TLS backends on different platforms? https://github.com/sfackler/rust-native-tls

[tnull]

Do we really always require a certificate file for the service? Can't we 'usually' just use PKI?

[tankyleo]

certainly thank you

[tnull]

Seems like this could be DRYed up with the code above?

[tnull]

Mostly looks good I think, but the copied code makes it unnecessarily hard to review, IMO. Could we try to DRY it up a bit more?

As follow-ups we also might want to consider to enable certificate pinning and TOFU as best practices. Maybe worth opening issues for these?

[tnull]

I do wonder if it makes sense to read the file once rather than in different places, and have the Tls variant hold a override_cert: Option<Certificate> or similar?

[tnull]

Hmm, not the biggest fan of duplicating the init logic. Can we maybe move everything that's not related to TLS to shared helper methods?

[tankyleo]

Mostly looks good I think, but the copied code makes it unnecessarily hard to review, IMO. Could we try to DRY it up a bit more?

Thanks for the nudge, I think things look better now take a look

As follow-ups we also might want to consider to enable certificate pinning and TOFU as best practices. Maybe worth opening issues for these?

Done

[tnull]

Mostly looks good, feel free to squash the fixups.

One question

[tnull]

Should we print an error message and error out via std::process::exit(-1); rather than just unwraping here and elsewhere?

In particular, this might happen frequently if the user gives a wrong path or the file is not readable.

[tankyleo]

Thanks squashed with the following diff:

diff --git a/rust/server/src/main.rs b/rust/server/src/main.rs
index 2b36df6..38fdccd 100644
--- a/rust/server/src/main.rs
+++ b/rust/server/src/main.rs
@@ -73,14 +73,40 @@ fn main() {
 		let db_name = postgresql_config.database;
 		let store: Arc<dyn KvStore> = if let Some(tls_config) = postgresql_config.tls {
 			let additional_certificate = tls_config.ca_file.map(|file| {
-				let cert = std::fs::read(&file).unwrap();
-				Certificate::from_pem(&cert).unwrap()
+				let certificate = match std::fs::read(&file) {
+					Ok(cert) => cert,
+					Err(e) => {
+						println!("Failed to read certificate file: {}", e);
+						std::process::exit(-1);
+					},
+				};
+				match Certificate::from_pem(&certificate) {
+					Ok(cert) => cert,
+					Err(e) => {
+						println!("Failed to parse certificate file: {}", e);
+						std::process::exit(-1);
+					},
+				}
 			});
-			Arc::new(
-				PostgresTlsBackend::new(&endpoint, &db_name, additional_certificate).await.unwrap(),
-			)
+			let postgres_tls_backend =
+				match PostgresTlsBackend::new(&endpoint, &db_name, additional_certificate).await {
+					Ok(backend) => backend,
+					Err(e) => {
+						println!("Failed to start postgres tls backend: {}", e);
+						std::process::exit(-1);
+					},
+				};
+			Arc::new(postgres_tls_backend)
 		} else {
-			Arc::new(PostgresPlaintextBackend::new(&endpoint, &db_name).await.unwrap())
+			let postgres_plaintext_backend =
+				match PostgresPlaintextBackend::new(&endpoint, &db_name).await {
+					Ok(backend) => backend,
+					Err(e) => {
+						println!("Failed to start postgres plaintext backend: {}", e);
+						std::process::exit(-1);
+					},
+				};
+			Arc::new(postgres_plaintext_backend)
 		};
 		println!("Connected to PostgreSQL backend with DSN: {}/{}", endpoint, db_name);
 		let rest_svc_listener =