Skip to content

Commit 0d9aa7d

Browse files
cpucpu
committed
tests: enable mock IP address validation for Linux.
Since Webpki v0.100.x the Linux `webpki` based verifier has supported IP address subjects. This commit enables the mock IP address verification tests for the Linux platform that uses that crate. The `stapled_revoked_ipv4` and `stapled_revoked_ipv6` tests remain gated to not run on Linux since the `webpki` crate doesn't presently support revocation checking w/ OCSP.
1 parent 5462d83 commit 0d9aa7d

File tree

1 file changed

+18
-16
lines changed
  • src/tests/verification_mock

1 file changed

+18
-16
lines changed

src/tests/verification_mock/mod.rs

Lines changed: 18 additions & 16 deletions
Original file line numberDiff line numberDiff line change
@@ -72,15 +72,15 @@ macro_rules! no_error {
7272
const ROOT1: &[u8] = include_bytes!("root1.crt");
7373
const ROOT1_INT1: &[u8] = include_bytes!("root1-int1.crt");
7474
const ROOT1_INT1_EXAMPLE_COM_GOOD: &[u8] = include_bytes!("root1-int1-ee_example.com-good.crt");
75-
#[cfg(any(windows, target_os = "macos"))]
75+
#[cfg(any(windows, target_os = "macos", target_os = "linux"))]
7676
const ROOT1_INT1_LOCALHOST_IPV4_GOOD: &[u8] = include_bytes!("root1-int1-ee_127.0.0.1-good.crt");
77-
#[cfg(any(windows, target_os = "macos"))]
77+
#[cfg(any(windows, target_os = "macos", target_os = "linux"))]
7878
const ROOT1_INT1_LOCALHOST_IPV6_GOOD: &[u8] = include_bytes!("root1-int1-ee_1-good.crt");
7979

8080
const EXAMPLE_COM: &str = "example.com";
81-
#[cfg(any(windows, target_os = "macos"))]
81+
#[cfg(any(windows, target_os = "macos", target_os = "linux"))]
8282
const LOCALHOST_IPV4: &str = "127.0.0.1";
83-
#[cfg(any(windows, target_os = "macos"))]
83+
#[cfg(any(windows, target_os = "macos", target_os = "linux"))]
8484
const LOCALHOST_IPV6: &str = "::1";
8585

8686
#[cfg(any(test, feature = "ffi-testing"))]
@@ -115,8 +115,8 @@ fn test_verification_without_mock_root() {
115115
verification_without_mock_root()
116116
}
117117

118-
// Note: `WebPkiVerifier` (Linux) does not support IP address hosts, so these tests are disabled for Linux
119-
// Ref: https://docs.rs/rustls/0.20.6/src/rustls/verify.rs.html#322. Android does not currently support them either.
118+
// Note: Android does not currently support IP address hosts, so these tests are disabled for
119+
// Android.
120120
// Verifies that our test trust anchor(s) are not trusted when `Verifier::new()`
121121
// is used.
122122
mock_root_test_cases! {
@@ -127,14 +127,14 @@ mock_root_test_cases! {
127127
expected_result: Ok(()),
128128
other_error: no_error!(),
129129
},
130-
valid_no_stapling_ipv4 [ any(windows, target_os = "macos") ] => TestCase {
130+
valid_no_stapling_ipv4 [ any(windows, target_os = "macos", target_os = "linux") ] => TestCase {
131131
reference_id: LOCALHOST_IPV4,
132132
chain: &[ROOT1_INT1_LOCALHOST_IPV4_GOOD, ROOT1_INT1],
133133
stapled_ocsp: None,
134134
expected_result: Ok(()),
135135
other_error: no_error!(),
136136
},
137-
valid_no_stapling_ipv6 [ any(windows, target_os = "macos") ] => TestCase {
137+
valid_no_stapling_ipv6 [ any(windows, target_os = "macos", target_os = "linux") ] => TestCase {
138138
reference_id: LOCALHOST_IPV6,
139139
chain: &[ROOT1_INT1_LOCALHOST_IPV6_GOOD, ROOT1_INT1],
140140
stapled_ocsp: None,
@@ -148,14 +148,14 @@ mock_root_test_cases! {
148148
expected_result: Ok(()),
149149
other_error: no_error!(),
150150
},
151-
valid_stapled_good_ipv4 [ any(windows, target_os = "macos") ] => TestCase {
151+
valid_stapled_good_ipv4 [ any(windows, target_os = "macos", target_os = "linux") ] => TestCase {
152152
reference_id: LOCALHOST_IPV4,
153153
chain: &[ROOT1_INT1_LOCALHOST_IPV4_GOOD, ROOT1_INT1],
154154
stapled_ocsp: Some(include_bytes!("root1-int1-ee_127.0.0.1-good.ocsp")),
155155
expected_result: Ok(()),
156156
other_error: no_error!(),
157157
},
158-
valid_stapled_good_ipv6 [ any(windows, target_os = "macos") ] => TestCase {
158+
valid_stapled_good_ipv6 [ any(windows, target_os = "macos", target_os = "linux") ] => TestCase {
159159
reference_id: LOCALHOST_IPV6,
160160
chain: &[ROOT1_INT1_LOCALHOST_IPV6_GOOD, ROOT1_INT1],
161161
stapled_ocsp: Some(include_bytes!("root1-int1-ee_1-good.ocsp")),
@@ -164,6 +164,8 @@ mock_root_test_cases! {
164164
},
165165
// Uses a separate certificate from the one used in the "good" case to deal
166166
// with operating systems with validation data caches (e.g. Windows).
167+
// Linux is not included, since the webpki verifier does not presently support OCSP revocation
168+
// checking.
167169
stapled_revoked_dns [ any(windows, target_os = "android", target_os = "macos") ] => TestCase {
168170
reference_id: EXAMPLE_COM,
169171
chain: &[include_bytes!("root1-int1-ee_example.com-revoked.crt"), ROOT1_INT1],
@@ -197,14 +199,14 @@ mock_root_test_cases! {
197199
expected_result: Err(TlsError::InvalidCertificate(CertificateError::UnknownIssuer)),
198200
other_error: no_error!(),
199201
},
200-
ee_only_ipv4 [ any(windows, target_os = "macos") ] => TestCase {
202+
ee_only_ipv4 [ any(windows, target_os = "macos", target_os = "linux") ] => TestCase {
201203
reference_id: LOCALHOST_IPV4,
202204
chain: &[ROOT1_INT1_LOCALHOST_IPV4_GOOD],
203205
stapled_ocsp: None,
204206
expected_result: Err(TlsError::InvalidCertificate(CertificateError::UnknownIssuer)),
205207
other_error: no_error!(),
206208
},
207-
ee_only_ipv6 [ any(windows, target_os = "macos") ] => TestCase {
209+
ee_only_ipv6 [ any(windows, target_os = "macos", target_os = "linux") ] => TestCase {
208210
reference_id: LOCALHOST_IPV6,
209211
chain: &[ROOT1_INT1_LOCALHOST_IPV6_GOOD],
210212
stapled_ocsp: None,
@@ -219,14 +221,14 @@ mock_root_test_cases! {
219221
expected_result: Err(TlsError::InvalidCertificate(CertificateError::NotValidForName)),
220222
other_error: no_error!(),
221223
},
222-
domain_mismatch_ipv4 [ any(windows, target_os = "macos") ] => TestCase {
224+
domain_mismatch_ipv4 [ any(windows, target_os = "macos", target_os = "linux") ] => TestCase {
223225
reference_id: "198.168.0.1",
224226
chain: &[ROOT1_INT1_LOCALHOST_IPV4_GOOD, ROOT1_INT1],
225227
stapled_ocsp: None,
226228
expected_result: Err(TlsError::InvalidCertificate(CertificateError::NotValidForName)),
227229
other_error: no_error!(),
228230
},
229-
domain_mismatch_ipv6 [ any(windows, target_os = "macos") ] => TestCase {
231+
domain_mismatch_ipv6 [ any(windows, target_os = "macos", target_os = "linux") ] => TestCase {
230232
reference_id: "::ffff:c6a8:1",
231233
chain: &[ROOT1_INT1_LOCALHOST_IPV6_GOOD, ROOT1_INT1],
232234
stapled_ocsp: None,
@@ -241,15 +243,15 @@ mock_root_test_cases! {
241243
CertificateError::Other(Arc::from(EkuError)))),
242244
other_error: Some(EkuError),
243245
},
244-
wrong_eku_ipv4 [ any(windows, target_os = "macos") ] => TestCase {
246+
wrong_eku_ipv4 [ any(windows, target_os = "macos", target_os = "linux") ] => TestCase {
245247
reference_id: LOCALHOST_IPV4,
246248
chain: &[include_bytes!("root1-int1-ee_127.0.0.1-wrong_eku.crt"), ROOT1_INT1],
247249
stapled_ocsp: None,
248250
expected_result: Err(TlsError::InvalidCertificate(
249251
CertificateError::Other(Arc::from(EkuError)))),
250252
other_error: Some(EkuError),
251253
},
252-
wrong_eku_ipv6 [ any(windows, target_os = "macos") ] => TestCase {
254+
wrong_eku_ipv6 [ any(windows, target_os = "macos", target_os = "linux") ] => TestCase {
253255
reference_id: LOCALHOST_IPV6,
254256
chain: &[include_bytes!("root1-int1-ee_1-wrong_eku.crt"), ROOT1_INT1],
255257
stapled_ocsp: None,

0 commit comments

Comments
 (0)