-
Notifications
You must be signed in to change notification settings - Fork 53
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Increase test coverage of IP address support #14
Closed
ereslibre
wants to merge
9
commits into
rustls:feat-ip-address
from
ereslibre:rustls-feat-ip-address
Closed
Increase test coverage of IP address support #14
ereslibre
wants to merge
9
commits into
rustls:feat-ip-address
from
ereslibre:rustls-feat-ip-address
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
ereslibre
changed the title
WIP: increase test coverage
WIP: increase test coverage of IP address support
Nov 25, 2022
Codecov Report
@@ Coverage Diff @@
## main #14 +/- ##
==========================================
+ Coverage 74.60% 81.48% +6.88%
==========================================
Files 19 20 +1
Lines 1788 2377 +589
==========================================
+ Hits 1334 1937 +603
+ Misses 454 440 -14
📣 We’re building smart automated test selection to slash your CI/CD build times. Learn more |
ereslibre
force-pushed
the
rustls-feat-ip-address
branch
12 times, most recently
from
November 29, 2022 20:42
fb34551
to
708d649
Compare
ereslibre
force-pushed
the
rustls-feat-ip-address
branch
from
December 11, 2022 10:38
708d649
to
2939e75
Compare
ereslibre
force-pushed
the
rustls-feat-ip-address
branch
from
December 11, 2022 10:40
2939e75
to
c6c256a
Compare
ereslibre
changed the title
WIP: increase test coverage of IP address support
Increase test coverage of IP address support
Dec 11, 2022
ereslibre
force-pushed
the
rustls-feat-ip-address
branch
from
December 11, 2022 10:50
c6c256a
to
f48fd82
Compare
This was currently broken, since one of the tests required RSA ( = alloc feature) and real time (= std feature). The latter is a mistake, cos tests should really be time-invariant.
Introduce `IpAddressRef`, `DnsNameOrIpRef` and the owned type `IpAddress`. Introduce a new public function `verify_is_valid_for_dns_name_or_ip` that validates a given host name or IP address against a certificate. IP addresses are only compared against Subject Alternative Names. It's possible to convert the already existing types `DnsNameRef` and `IpAddressRef` into a `DnsNameOrIpRef` for better ergonomics when calling to `verify_cert_dns_name_or_ip`. The behavior of `verify_cert_dns_name` has not been altered, and works in the same way as it has done until now, so that if `webpki` gets bumped as a dependency, it won't start accepting certificates that would have been rejected until now without notice. Neither `IpAddressRef`, `DnsNameOrIpRef` nor `IpAddress` can be instantiated directly. They must be instantiated through the `try_from_ascii` and `try_from_ascii_str` public functions. This ensures that instances of these types are correct by construction. IPv6 addresses are only validated and supported in their uncompressed form. Signed-off-by: Rafael Fernández López <[email protected]>
current_textual_octet is [u8; 3] but it was indexed by an unbounded count of octets if they matched 1..9.
rfc5952 says both are allowed.
Seems better to convert from ascii to radix-10 at the time that is known, rather than doing that validation twice (and skipping a digit as an error handling strategy).
ctz
reviewed
Dec 11, 2022
This adds 100% line coverage to the IPv4 and IPv6 subject alternative names validation implementation.
ereslibre
force-pushed
the
rustls-feat-ip-address
branch
2 times, most recently
from
December 11, 2022 18:55
2d7c7e5
to
d8ab051
Compare
This adds 100% line coverage to the IPv4 and IPv6 subject alternative names validation implementation.
ereslibre
force-pushed
the
rustls-feat-ip-address
branch
from
December 11, 2022 18:59
d8ab051
to
d8cf167
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
As discussed in #5, this will increase the code coverage to the full extent of the code additions.