These enums (AlertDescription, ContentType, and HandshakeType) were
previously only available as part of the private API. Eight months ago
we added a public reexport of their names, but did not remove the
private version to avoid semver breakage.
Now that we have a semver-incompatible version coming up we can move
these fully to the public API.

The `fuzz` subdirectory is set up as a separate workspace from the main
workspace that contains `rustls` and `examples`. Because of this running
`cargo fmt --all` and other similar tooling doesn't include the `fuzz`
directory. This can lead to formatting/clippy drift over time.
In this commit the `build.yml` config is extended to also run `clippy`
and `fmt` on the `fuzz` subdirectory using `--manifest-path`.
```
warning: unused `std::result::Result` that must be used
--> fuzzers/persist.rs:14:5
|
14 | T::read(&mut rdr);
| ^^^^^^^^^^^^^^^^^^
|
= note: `#[warn(unused_must_use)]` on by default
= note: this `Result` may be an `Err` variant, which should be handled
```

This commit updates the existing `.github/dependabot.yml` config that
monitors Cargo dependencies to also monitor GitHub actions (on a weekly
cadence).
To address a pending deprecation[0], and to remove CI warnings, this
commit:
* Updates `actions/checkout` from v2 -> v3.
* Updates `codecov/codecov-action` from v1.0.10 -> v3.
* Updates `actions/upload-artifact` from v1 -> v3.
* Updates `actions/setup-go` from v2 -> v3.
For the `setup-go` workflows in particular the Go version is also
updated 1.17.1 -> 1.20.
Additionally, since the `actions-rs` upstream workflows are
unmaintained[1] this commit replaces `actions-rs/toolchain` with
`dtolnay/rust-toolchain`, a well maintained alternative. Similarly,
usages of `actions-rs/cargo` are replaced with direct invocation of
`cargo`.
[0]: https://github.blog/changelog/2022-09-22-github-actions-all-actions-will-begin-running-on-node16-instead-of-node12/
[1]: https://github.com/actions-rs/toolchain/issues/216

A verification error is not always raised by a bad certificate, especially
in a user-provided verifier. For example, the verifier may raise an HSM
connection error or a dynamic certificate resolve error.
None of these is about a bad certificate, so sending BadCertificateAlert is
not appropriate.

Prior to this commit the `export_keyring_material` function used
a mutable out buffer for writing exported key material, and returned an
empty Ok result when there was no error doing so.
This commit updates the function such that the ownership of the output
buffer passes through the export function and is returned as the Ok
result when there is no error.
Doing this makes for a safer interface for end users: the output buffer
will be dropped if `export_keyring_material` errors. Callers can only
access the buffer again using the OK result.
All credit due to davidv1992 for the implementation idea and initial
code that was extended in this commit.
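An added illustration of the ownership-passing export interface described above (this is not rustls code and not part of the commit): `export_into`, `export_owned`, `ExportError` and the placeholder fill routine are hypothetical names, and the fill is not a real key derivation. It contrasts a caller that ignores the error under the old `&mut` shape with the same caller under the new shape.

```rust
#[derive(Debug, PartialEq)]
pub enum ExportError {
    HandshakeNotComplete,
}

// Added example, not rustls code; all names are hypothetical.
// Stand-in for the exporter computation. NOT a key derivation function.
fn fill_placeholder(out: &mut [u8], label: &[u8]) {
    let seed = label.iter().fold(0xA5u8, |acc, b| acc.rotate_left(1) ^ b);
    for (i, byte) in out.iter_mut().enumerate() {
        *byte = (i as u8).wrapping_mul(31) ^ seed;
    }
}

// Old shape: the caller keeps the buffer whether or not the export succeeded.
pub fn export_into(ready: bool, out: &mut [u8], label: &[u8]) -> Result<(), ExportError> {
    if !ready {
        return Err(ExportError::HandshakeNotComplete);
    }
    fill_placeholder(out, label);
    Ok(())
}

// New shape: the buffer moves in and only comes back inside Ok.
pub fn export_owned<T: AsMut<[u8]>>(ready: bool, mut out: T, label: &[u8]) -> Result<T, ExportError> {
    if !ready {
        return Err(ExportError::HandshakeNotComplete);
    }
    fill_placeholder(out.as_mut(), label);
    Ok(out)
}

// Misuse the old shape permits: the error is discarded and zeros become the key.
pub fn careless_old_caller(ready: bool) -> [u8; 16] {
    let mut key = [0u8; 16];
    let _ = export_into(ready, &mut key, b"EXPORTER-demo");
    key
}

// With the new shape there is no buffer left to read on the error path.
pub fn new_caller(ready: bool) -> Result<[u8; 16], ExportError> {
    export_owned(ready, [0u8; 16], b"EXPORTER-demo")
}

fn main() {
    println!("old, handshake incomplete: {:?}", careless_old_caller(false));
    println!("new, handshake incomplete: {:?}", new_caller(false));
}
```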
The `admin/format-bench` script has bitrot so that it no longer
functions with the current output produced by the benchmark tooling.
It's not clear that this tool is still needed, so rather than fix it or
port it to Rust, we choose to remove it outright.
If it turns out there is a need for formatting benchmarking output we
should consider building that into the benchmark tool itself to avoid
needing to deal with a Python tool-chain and associated versioning
challenges.

This commit adds a README to the `fuzz` subdirectory of the project
root. The README has a few small pointers to help a developer get
started running the fuzz tests locally, and a link to the upstream
cargo-fuzz docs for more information.

The `trytls/runme` script has bitrot and doesn't function on systems
with up to date Python installations. The upstream project has Python
3.8+ compatibility issues and hasn't seen new commits in ~7 years.
Rustls has easier to maintain test coverage through
`examples/tests/badssl.rs` and the bogo test suite. For that reason this
commit removes the `trytls` scaffolding in favour of continuing to
maintain it.

The front-page index for the Rustls lib includes a list of re-exported
structs comprising the public API. Prior to this commit the
`handshake::DigitallySignedStruct` type was included in this list, but
lacked a rustdoc comment.
This commit adds a simple rustdoc comment for this type. Now all of the
structs mentioned in the front-page index have some documentation.

The upstream `x509-parser` crate moved the `FromDer` trait from
a `traits` submodule to a `prelude` submodule, breaking the docs
link/example in the Rustls `DistinguishedName` and
`OwnedTrustAnchor.subject` doc strings.
This commit fixes the links/examples to use the current location of the
`FromDer` trait.

Prior to this commit the `fetch-and-build` script with newer `git`
versions would spit out an ANSI coloured warning about choosing an
initial branch name for the bogo test-suite checkout.
This commit simply specifies the `--initial-branch` to be `main` to
silence the unnecessary output.

Prior to this commit the admin `bench-range`, `capture-certdata` and
`format-bench` Python helpers used a hardcoded path to Python3 in their
shebang. This commit updates each to use `/usr/bin/env` to find
`python3` in the `$PATH`.
These helpers also used Python2 style `print` statements instead of the
Python3 style `print` function. This commit adds the required braces to
fix Python3 usage.

Prior to this commit some helper scripts used hardcoded paths to
`/bin/sh` and `/bin/bash` in script shebangs. This will error on systems
that don't place `bash` in `/bin/` (e.g. NixOS).
This commit updates the scripts to use `/usr/bin/env` to find `bash`
based on the user's `$PATH`. This has better portability and allows the
scripts to run without err (or specifying an interpreter explicitly) on
systems with atypical `bash` installs.

Running the `admin/coverage` script produces a `default.profraw` in the
project root. Prior to this commit that file was not ignored by git.
This commit adds it to the ignore list since we don't want this file to
be accidentally submitted upstream.
This commit also adds the JetBrains IDE state dir (`.idea`) to the
gitignore. This is a small quality of life improvement for users of
CLion.

In this edge case (not specified by RFC8446) we send a fatal
invalid_parameter alert, but then keep processing incoming messages.
This led to a debug assert failure when a later message also sent
an alert.