fixes

dnapi-rs/src/client_blocking.rs

@@ -101,6 +101,8 @@ impl Client {
     }
 
     /// Send a signed message to the DNClient API to learn if there is a new configuration available.
+    /// # Errors
+    /// This function returns an error if the dnclient request fails, or the server returns invalid data.
     pub fn check_for_update(&self, creds: &Credentials) -> Result<bool, Box<dyn Error>> {
         let body = self.post_dnclient(CHECK_FOR_UPDATE, &[], &creds.host_id, creds.counter, &creds.ed_privkey)?;
 
@@ -113,6 +115,13 @@ impl Client {
     /// DH X25519 keypair is generated for the new Nebula certificate as well as a new Ed25519 keypair for DNClient API
     /// communication. On success it returns the new config, a Nebula private key PEM to be inserted into the config
     /// and new DNClient API credentials
+    /// # Errors
+    /// This function returns an error in any of the following scenarios:
+    /// - if the message could not be serialized
+    /// - if the request fails
+    /// - if the response could not be deserialized
+    /// - if the signature is invalid
+    /// - if the keys are invalid
     pub fn do_update(&self, creds: &Credentials) -> Result<(NebulaConfig, DHPrivateKeyPEM, Credentials), Box<dyn Error>> {
         let (dh_pubkey_pem, dh_privkey_pem, ed_pubkey, ed_privkey) = new_keys();
 
@@ -130,7 +139,7 @@ impl Client {
 
         let mut valid = false;
 
-        for ca_pubkey in creds.trusted_keys {
+        for ca_pubkey in &creds.trusted_keys {
             if ca_pubkey.verify(&result_wrapper.data.message, &Signature::from_slice(&result_wrapper.data.signature)?).is_ok() {
                 valid = true;
                 break;