-
Notifications
You must be signed in to change notification settings - Fork 50
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Increase test coverage of IP address support #14
Closed
ereslibre
wants to merge
9
commits into
rustls:feat-ip-address
from
ereslibre:rustls-feat-ip-address
Closed
Increase test coverage of IP address support #14
ereslibre
wants to merge
9
commits into
rustls:feat-ip-address
from
ereslibre:rustls-feat-ip-address
Commits on Dec 11, 2022
-
This was currently broken, since one of the tests required RSA ( = alloc feature) and real time (= std feature). The latter is a mistake, cos tests should really be time-invariant.
Configuration menu - View commit details
-
Copy full SHA for f637c1f - Browse repository at this point
Copy the full SHA f637c1fView commit details -
Implement IP address validation
Introduce `IpAddressRef`, `DnsNameOrIpRef` and the owned type `IpAddress`. Introduce a new public function `verify_is_valid_for_dns_name_or_ip` that validates a given host name or IP address against a certificate. IP addresses are only compared against Subject Alternative Names. It's possible to convert the already existing types `DnsNameRef` and `IpAddressRef` into a `DnsNameOrIpRef` for better ergonomics when calling to `verify_cert_dns_name_or_ip`. The behavior of `verify_cert_dns_name` has not been altered, and works in the same way as it has done until now, so that if `webpki` gets bumped as a dependency, it won't start accepting certificates that would have been rejected until now without notice. Neither `IpAddressRef`, `DnsNameOrIpRef` nor `IpAddress` can be instantiated directly. They must be instantiated through the `try_from_ascii` and `try_from_ascii_str` public functions. This ensures that instances of these types are correct by construction. IPv6 addresses are only validated and supported in their uncompressed form. Signed-off-by: Rafael Fernández López <ereslibre@ereslibre.es>
Configuration menu - View commit details
-
Copy full SHA for 40eb046 - Browse repository at this point
Copy the full SHA 40eb046View commit details -
current_textual_octet is [u8; 3] but it was indexed by an unbounded count of octets if they matched 1..9.
Configuration menu - View commit details
-
Copy full SHA for b170aff - Browse repository at this point
Copy the full SHA b170affView commit details -
Configuration menu - View commit details
-
Copy full SHA for a41d708 - Browse repository at this point
Copy the full SHA a41d708View commit details -
Configuration menu - View commit details
-
Copy full SHA for f39e0b4 - Browse repository at this point
Copy the full SHA f39e0b4View commit details -
textual_octets_to_octet: simplify and satisfy clippy
Seems better to convert from ascii to radix-10 at the time that is known, rather than doing that validation twice (and skipping a digit as an error handling strategy).
Configuration menu - View commit details
-
Copy full SHA for 2c4dbc0 - Browse repository at this point
Copy the full SHA 2c4dbc0View commit details -
Configuration menu - View commit details
-
Copy full SHA for c42b438 - Browse repository at this point
Copy the full SHA c42b438View commit details -
This adds 100% line coverage to the IPv4 and IPv6 subject alternative names validation implementation.
Configuration menu - View commit details
-
Copy full SHA for 1e752c1 - Browse repository at this point
Copy the full SHA 1e752c1View commit details -
This adds 100% line coverage to the IPv4 and IPv6 subject alternative names validation implementation.
Configuration menu - View commit details
-
Copy full SHA for d8cf167 - Browse repository at this point
Copy the full SHA d8cf167View commit details
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.