[WIP] add failing test
The test validates the end entity certificate against the self-signed
CA from the Web Platform Tests (WPT) conformance suite.

The certificates are somewhat unusual in that they have really long
"Name Constraints" and "Subject Alternative Name" fields but other
libraries parse them just fine.

webpki doesn't seem able to handle the "Name Constraints" field in the
CA certificate. The `der::nested()` call in `parse_subtrees()` in
src/name/verify.rs expects its closure to consume all input but it
consumes only the first item on the list.
bnoordhuis committed Apr 24, 2021
1 parent 96a2a0f commit 21475b1
Showing 3 changed files with 18 additions and 0 deletions.
18 changes: 18 additions & 0 deletions tests/integration.rs
Expand Up @@ -53,6 +53,24 @@ pub fn netflix() {
);
}

#[test]
pub fn wpt() {
let ee: &[u8] = include_bytes!("wpt/ee.der");
let ca = include_bytes!("wpt/ca.der");

let anchors = vec![webpki::TrustAnchor::try_from_cert_der(ca).unwrap()];
let anchors = webpki::TlsServerTrustAnchors(&anchors);

#[allow(clippy::unreadable_literal)] // TODO: Make this clear.
let time = webpki::Time::from_seconds_since_unix_epoch(1619256684);

let cert = webpki::EndEntityCert::try_from(ee).unwrap();
assert_eq!(
Ok(()),
cert.verify_is_valid_tls_server_cert(ALL_SIGALGS, &anchors, &[], time)
);
}

#[test]
pub fn ed25519() {
let ee: &[u8] = include_bytes!("ed25519/ee.der");
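Review bot: the `time` value in `wpt()` is an opaque literal, `1619256684`, sitting behind `#[allow(clippy::unreadable_literal)]` with a `// TODO: Make this clear.` that the new test should not carry forward. Write it as `1_619_256_684`, drop the allow, and add a comment naming the instant (2021-04-24 09:31:24 UTC) and stating that it has to fall inside the validity period of `wpt/ca.der` and `wpt/ee.der`. Without that, a later reader cannot tell a validity-time failure from the Name Constraints parsing failure this test is meant to demonstrate, since the assertion only compares against `Ok(())`.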
Binary file added tests/wpt/ca.der
Binary file not shown.
Binary file added tests/wpt/ee.der
Binary file not shown.
