This is an intermediate step towards moving them into a separate crate.
Leave the `tests` submodule for now, to make the comparison with the
old (identical) code easier. The next commit will remove it and
re-indent the code.
[`git cherry-pick 4a39e2b67d4cddf58b0ea16dd821a04ee2240058`, with support
for Edition 2018 added by Brian.]
This commit introduces the Netflix BetterTLS[0]'s path building test
suite to the webpki integration tests.
This project has a test runner for Rustls that will stand up TLS servers
to exercise these tests but:
* It requires Go.
* It needs Rustls in order to do a full TLS handshake with the test
servers.
* It's slower than testing the path building directly without the TLS
bits.
To avoid these issues this commit takes a different approach and vendors
the exported path building test suite. This is a supported feature[1] of
the upstream project and allow us to directly test webpki's path
building against the test suite without needing Rustls or Go.
[0]: https://github.com/Netflix/bettertls
[1]: https://github.com/Netflix/bettertls#exporting-tests-to-run-outside-of-the-bettertls-executor
Reset the crate contents (sources, tests, etc.)
to what they were at that commit, while retaining the newer CI
configuration.
The changes since the 0.22.0 release were primarily intended to
accomplish two goals:
* Fix and improve the GitHub Actions configuration.
* Prepare a 0.21.5 release that was backward compatible with 0.21.4
but which also contained the improvements that were in 0.22.0.
0.21.5 was never released and will not be released. Therefore all
of the noise to facilitate the 0.21.5 release can just be deleted,
as long as we leave the CI changes that are necessary for GitHub
Actions to work correctly now.
The exact commands I used were:
```
git checkout \
6c334a2cf5 \
-- \
Cargo.toml \
LICENSE \
README.md \
src \
tests \
third-party
git rm src/trust_anchor_util.rs
```
Commit 6c334a2cf5 was the commit from
which 0.22.0 was released. It is confusing because the commit
immediately prior, 0b7cbf2d32, has
commit message "0.22.0". It appears that I merged the "0.22.0"
commit, expecting to `cargo publish` from that commit, but then
`cargo publish` failed. Then I added
6c334a2cf5 to fix `cargo publish`
and did the `cargo publish` from that commit. That's why I added
the `package` CI step at that time, to prevent this confusing
situation from happening again.
`trust_anchor_utils.rs` was not in 0.22.0; the `git checkout` didn't
delete it, so I had to do it separately.
I left the tests added subsequent to 0.22.0 in `tests/` (e.g.
`name_tests.rs`) since those tests pass with the 0.22.0 sources too.
Unfortunately, this requires disabling a bunch of Clippy lints, to
avoid modifying the contents from 0.22.0.
(I know it is confusing. It took me a while to figure it out myself
today.)
Get all GitHub Actions jobs passing again.
There are no Ubuntu 18.04 runners in GitHub Actions anymore, so use
22.04.
Update mk/* scripts to match what's in *ring*'s main branch;
some of these changes are required for Ubuntu 22.04. This also fixes
a typo in the invocation of `cargo clippy`.
Temporarily allow `clippy::explicit_auto_deref` to avoid source code
changes prior to the next 0.22.1 release. Tweak `dns_names_test.rs`
so that it doesn't trigger `clippy::octal_escapes` false positives.
Update `cargo deny` to the latest release and update deny.toml so
that the Unicode license will be accepted, matching *ring*'s
configuration.
Better error than `BadDER` when certificate is generated incorrectly.
I agree to license my contributions to each file under the terms given at the top of each file I changed.
Only use *ring*'s `alloc` feature if webpki's `alloc` feature is enabled. This
disables RSA by default.
Adjust some tests that return different results depending on whether RSA is
available.
Test all feature configurations in CI.
Remove the `trust_anchor_utils` feature flag.
Guard all features that directly require allocation with a new `alloc` feature.
The RSA features will be handled separately.
Document the features. Tell docs.rs to document all features.
Adjust some tests so that tests are run in more configurations.
Remove `#![forbid(warnings)]` since Rust Nightly changed the way it enforces it,
and broke the build.
Count on Clippy to catch warnings so that we don't get bothered to deal with
transient warnings while hacking on the code.
This adds support for verification of ed25519 certificates according to
RFC 8410. Implements #49.
The test certificate was generated using OpenSSL 1.1.1a, using the
following commands (CA.pl is distributed with OpenSSL):
openssl genpkey -algorithm ed25519 -outform pem -out root_key.pem
openssl req -new -x509 -days 9999 -extensions v3_ca -key root_key.pem \
-inform pem -outform pem -out root_ed25519.pem
echo root_ed25519.pem | CA.pl -newca
openssl genpkey -algorithm ed25519 -outform pem -out client_key.pem
openssl req -new -key client_key.pem -inform pem -outform pem \
-out client_ed25519_csr.pem
openssl ca -keyfile ./root_key.pem -days 999 -notext -in \
client_ed25519_csr.pem -out client_ed25519.pem
I agree to license my contributions to each file under the terms given
at the top of each file I changed.
Brian Smith
Daniel McCarney
Stiopa Koltsov
Matthew Mahnke
Sebastian Hahn
Alex Gaynor