Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

use X509.Certificate.fold_decode_pem_multiple also in tests #35

Merged
merged 2 commits into from
Aug 6, 2024
Merged

use X509.Certificate.fold_decode_pem_multiple also in tests #35

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
3d9f0e1
use X509.Certificate.fold_decode_pem_multiple also in tests
hannesm Aug 6, 2024
3d30df0
require OCaml 4.13 (transitive from X509)
hannesm Aug 6, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion ca-certs.opam
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@ depends: [
"digestif" {>= "1.2.0"}
"mirage-crypto" {>= "1.0.0"}
"x509" {>= "1.0.0"}
"ocaml" {>= "4.08.0"}
"ocaml" {>= "4.13.0"}
"ohex" {>= "0.2.0"}
"alcotest" {with-test}
"fmt" {with-test & >= "0.8.7"}
Expand Down
2 changes: 1 addition & 1 deletion dune-project
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -15,7 +15,7 @@
(digestif (>= 1.2.0))
(mirage-crypto (>= 1.0.0))
(x509 (>= 1.0.0))
(ocaml (>= 4.08.0))
(ocaml (>= 4.13.0))
(ohex (>= 0.2.0))
(alcotest :with-test)
(fmt (and :with-test (>= 0.8.7))))
Expand Down
42 changes: 12 additions & 30 deletions test/tests.ml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -984,36 +984,18 @@ let tests tas =
err_tests

let ta () =
Result.bind (Ca_certs.trust_anchors ()) (fun data ->
(* we cannot use decode_pem_multiple since this fails on the first
undecodable certificate - while we'd like to stay operational, and
ignore some certificates *)
let d = "-----" in
let new_cert = d ^ "BEGIN CERTIFICATE" ^ d
and end_of_cert = d ^ "END CERTIFICATE" ^ d in
let len_new = String.length new_cert
and len_end = String.length end_of_cert in
let lines = String.split_on_char '\n' data in
let _, cas =
List.fold_left
(fun (acc, cas) line ->
match acc with
| None
when String.length line >= len_new
&& String.(equal (sub line 0 len_new) new_cert) ->
(Some [ line ], cas)
| None -> (None, cas)
| Some lines
when String.length line >= len_end
&& String.(equal (sub line 0 len_end) end_of_cert) -> (
let data = String.concat "\n" (List.rev (line :: lines)) in
match X509.Certificate.decode_pem data with
| Ok ca -> (None, ca :: cas)
| Error (`Msg _) -> (None, cas))
| Some lines -> (Some (line :: lines), cas))
(None, []) lines
in
Ok (List.rev cas))
let ( let* ) = Result.bind in
let* data = Ca_certs.trust_anchors () in
let cas =
X509.Certificate.fold_decode_pem_multiple
(fun acc -> function
| Ok t -> t :: acc
| Error (`Msg msg) ->
Logs.warn (fun m -> m "Ignoring undecodable trust anchor: %s." msg);
acc)
[] data
in
Ok cas

let () =
Logs.set_reporter (Logs_fmt.reporter ());
Expand Down