From 87161a866e9499038f1d38b78cf317b540c17fe5 Mon Sep 17 00:00:00 2001
From: Dirkjan Ochtman
Date: Thu, 23 Nov 2023 22:17:08 +0100
Subject: [PATCH 1/3] Fixate rustls-pemfile alpha version
---
 Cargo.toml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Cargo.toml b/Cargo.toml
index 300b064..231ec95 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -20,7 +20,7 @@ percent-encoding = "2.3"
 rcgen = "0.11.1"
 reqwest = { version = "0.11", features = ["rustls-tls-manual-roots"] }
 ring = "0.17.0"
-rustls-pemfile = "2.0.0-alpha.1"
+rustls-pemfile = "=2.0.0-alpha.1"
 serde = { version = "1.0.183", features = ["derive"] }
 tokio = { version = "1", features = ["macros", "rt-multi-thread"] }
 webpki = { package = "rustls-webpki", version = "=0.102.0-alpha.6" }
From b998e0f70bbaf6d3bf9f1d1d8ecff953db31ddb5 Mon Sep 17 00:00:00 2001
From: Dirkjan Ochtman
Date: Tue, 21 Nov 2023 13:24:02 +0100
Subject: [PATCH 2/3] Upgrade to latest webpki alpha
---
 Cargo.toml | 4 ++--
 tests/codegen.rs | 4 ++--
 tests/verify.rs | 12 ++++++------
 3 files changed, 10 insertions(+), 10 deletions(-)
diff --git a/Cargo.toml b/Cargo.toml
index 231ec95..1ce2f15 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -9,7 +9,7 @@ homepage = "https://github.com/rustls/webpki-roots"
 repository = "https://github.com/rustls/webpki-roots"
 [dependencies]
-pki-types = { package = "rustls-pki-types", version = "0.2", default-features = false }
+pki-types = { package = "rustls-pki-types", version = "0.2.2", default-features = false }
 [dev-dependencies]
 chrono = { version = "0.4.26", default-features = false, features = ["clock"] }
@@ -23,6 +23,6 @@ ring = "0.17.0"
 rustls-pemfile = "=2.0.0-alpha.1"
 serde = { version = "1.0.183", features = ["derive"] }
 tokio = { version = "1", features = ["macros", "rt-multi-thread"] }
-webpki = { package = "rustls-webpki", version = "=0.102.0-alpha.6" }
+webpki = { package = "rustls-webpki", version = "=0.102.0-alpha.7", features = ["alloc"] }
 x509-parser = "0.15.1"
 yasna = "0.5.2"
diff --git a/tests/codegen.rs b/tests/codegen.rs
index 704e8ef..38ce893 100644
--- a/tests/codegen.rs
+++ b/tests/codegen.rs
@@ -9,7 +9,7 @@ use num_bigint::BigUint;
 use pki_types::CertificateDer;
 use ring::digest;
 use serde::Deserialize;
-use webpki::extract_trust_anchor;
+use webpki::anchor_from_trusted_cert;
 use x509_parser::prelude::AttributeTypeAndValue;
 use x509_parser::x509::X509Name;
@@ -92,7 +92,7 @@ async fn new_generated_code_is_fresh() {
 assert_eq!(calculated_fp.as_ref(), metadata_fp.as_slice());
 let ta_der = CertificateDer::from(der.as_ref());
- let ta = extract_trust_anchor(&ta_der).expect("malformed trust anchor der");
+ let ta = anchor_from_trusted_cert(&ta_der).expect("malformed trust anchor der");
 subject.clear();
 for &b in ta.subject.as_ref() {
 write!(&mut subject, "{}", escape_default(b)).unwrap();
diff --git a/tests/verify.rs b/tests/verify.rs
index ba56e99..57a6cec 100644
--- a/tests/verify.rs
+++ b/tests/verify.rs
@@ -1,9 +1,9 @@
 use core::time::Duration;
 use std::convert::TryFrom;
-use pki_types::{CertificateDer, SignatureVerificationAlgorithm, UnixTime};
+use pki_types::{CertificateDer, SignatureVerificationAlgorithm, UnixTime, ServerName};
 use rcgen::{BasicConstraints, Certificate, CertificateParams, DnType, IsCa, KeyUsagePurpose};
-use webpki::{extract_trust_anchor, EndEntityCert, Error, KeyUsage, SubjectNameRef};
+use webpki::{anchor_from_trusted_cert, EndEntityCert, Error, KeyUsage};
 use x509_parser::extensions::{GeneralName, NameConstraints as X509ParserNameConstraints};
 use x509_parser::prelude::FromDer;
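Review bot: The rewritten `pki_types` import in the first tests/verify.rs hunk (`@@ -1,9 +1,9 @@`) appends `ServerName` after `UnixTime`, which is not the order rustfmt produces for a braced import list. A `cargo fmt --check` step would flag it, though whether the project's CI runs one is not visible here. Writing it as `use pki_types::{CertificateDer, ServerName, SignatureVerificationAlgorithm, UnixTime};` keeps the list sorted like the other imports in the hunk.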
@@ -17,7 +17,7 @@ fn name_constraints() {
 {
 let time = UnixTime::since_unix_epoch(Duration::from_secs(0x40000000)); // Time matching rcgen default.
 let test_case = ConstraintTest::new(name_constraints.as_ref());
- let trust_anchors = &[extract_trust_anchor(&test_case.trust_anchor).unwrap()];
+ let trust_anchors = &[anchor_from_trusted_cert(&test_case.trust_anchor).unwrap()];
 // Each permitted EE should verify without error.
 for permitted_ee in test_case.permitted_certs {
@@ -165,7 +165,7 @@ fn tubitak_name_constraint_works() {
 let inter = CertificateDer::from(&include_bytes!("data/tubitak/inter.der")[..]);
 let subj = CertificateDer::from(&include_bytes!("data/tubitak/subj.der")[..]);
- let roots = [extract_trust_anchor(&root).unwrap().to_owned()];
+ let roots = [anchor_from_trusted_cert(&root).unwrap().to_owned()];
 let now = UnixTime::since_unix_epoch(Duration::from_secs(1493668479));
 let cert = EndEntityCert::try_from(&subj).unwrap();
 cert.verify_for_usage(
@@ -179,8 +179,8 @@ fn tubitak_name_constraint_works() {
 )
 .unwrap();
- let subject = SubjectNameRef::try_from_ascii_str("testssl.kamusm.gov.tr").unwrap();
- cert.verify_is_valid_for_subject_name(subject).unwrap();
+ let subject = ServerName::try_from("testssl.kamusm.gov.tr").unwrap();
+ cert.verify_is_valid_for_subject_name(&subject).unwrap();
 }
 static ALL_ALGORITHMS: &[&dyn SignatureVerificationAlgorithm] = &[
From 6cf5aba7c234b563817467f5c05041630348d7ba Mon Sep 17 00:00:00 2001
From: Dirkjan Ochtman
Date: Tue, 21 Nov 2023 13:26:45 +0100
Subject: [PATCH 3/3] Bump version to alpha.2
---
 Cargo.toml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Cargo.toml b/Cargo.toml
index 1ce2f15..68ca08d 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "webpki-roots"
-version = "0.26.0-alpha.1"
+version = "0.26.0-alpha.2"
 edition = "2018"
 readme = "README.md"
 license = "MPL-2.0"
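Review bot: In the last tests/verify.rs hunk of PATCH 2/3 (`@@ -179,8 +179,8 @@`), the migrated name check covers only the success path: `verify_is_valid_for_subject_name(&subject)` is asserted to succeed for `testssl.kamusm.gov.tr`, and nothing visible asserts that a different name is rejected. Since the argument type changes from `SubjectNameRef` to `ServerName` here, a negative assertion would show that the new call still discriminates between names, for example `let other = ServerName::try_from("example.com").unwrap();` followed by `assert!(cert.verify_is_valid_for_subject_name(&other).is_err());` (the host name is a constructed sample). `tubitak_name_constraint_works` starts outside this hunk, so this is based only on the lines shown.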