
Commit f866359

committed
Add basic tests for ipv4/ipv6 SANs
1 parent 3ee83cd commit f866359


4 files changed

+53
-0
lines changed


tests/cloudflare_dns/ca.der

947 Bytes
Binary file not shown.

tests/cloudflare_dns/ee.der

1.5 KB
Binary file not shown.

tests/cloudflare_dns/inter.der

1.03 KB
Binary file not shown.

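--- a/tests/integration.rs
+++ b/tests/integration.rs
@@ -53,6 +53,59 @@ pub fn netflix() {
 );
 }
 
+/* This is notable because it is a popular use of IP address subjectAltNames. */
+#[cfg(feature = "alloc")]
+#[test]
+pub fn cloudflare_dns() {
+let ee: &[u8] = include_bytes!("cloudflare_dns/ee.der");
+let inter = include_bytes!("cloudflare_dns/inter.der");
+let ca = include_bytes!("cloudflare_dns/ca.der");
+
+let anchors = vec![webpki::TrustAnchor::try_from_cert_der(ca).unwrap()];
+let anchors = webpki::TLSServerTrustAnchors(&anchors);
+
+#[allow(clippy::unreadable_literal)]
+let time = webpki::Time::from_seconds_since_unix_epoch(1663495771);
+
+let cert = webpki::EndEntityCert::try_from(ee).unwrap();
+assert_eq!(
+Ok(()),
+cert.verify_is_valid_tls_server_cert(ALL_SIGALGS, &anchors, &[inter], time)
+);
+
+let check_name = |name: &str| {
+let dns_name_ref = webpki::DnsNameRef::try_from_ascii_str(name).unwrap();
+assert_eq!(Ok(()), cert.verify_is_valid_for_dns_name(dns_name_ref));
+let subject_name_ref = webpki::SubjectNameRef::from(dns_name_ref);
+assert_eq!(
+Ok(()),
+cert.verify_is_valid_for_subject_name(subject_name_ref)
+);
+println!("{:?} ok as name", name);
+};
+
+let check_addr = |addr: &str| {
+let subject_name_ref = webpki::SubjectNameRef::try_from_ascii(addr.as_bytes()).unwrap();
+assert_eq!(
+Ok(()),
+cert.verify_is_valid_for_subject_name(subject_name_ref)
+);
+println!("{:?} ok as address", addr);
+};
+
+check_name("cloudflare-dns.com");
+check_name("wildcard.cloudflare-dns.com");
+check_name("one.one.one.one");
+check_addr("1.1.1.1");
+check_addr("1.0.0.1");
+check_addr("162.159.36.1");
+check_addr("162.159.46.1");
+check_addr("2606:4700:4700:0000:0000:0000:0000:1111");
+check_addr("2606:4700:4700:0000:0000:0000:0000:1001");
+check_addr("2606:4700:4700:0000:0000:0000:0000:0064");
+check_addr("2606:4700:4700:0000:0000:0000:0000:6400");
+}
+
 #[test]
 pub fn ed25519() {
 let ee: &[u8] = include_bytes!("ed25519/ee.der");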
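Review bot: `cloudflare_dns` asserts acceptance only: every `check_name` and `check_addr` call expects `Ok(())`, so the test would still pass if iPAddress SAN matching in `verify_is_valid_for_subject_name` accepted any address at all. For a name-verification path, the rejection case is the one that matters, so add at least one IPv4 and one IPv6 address that the certificate does not list and assert the error, e.g. `assert_eq!(Err(webpki::Error::CertNotValidForName), cert.verify_is_valid_for_subject_name(webpki::SubjectNameRef::try_from_ascii(b"192.0.2.1").unwrap()));`. The documentation ranges (192.0.2.0/24, 2001:db8::/32) are presumably absent from `ee.der`, but the certificate contents are not visible here, so confirm that before relying on them. Write the IPv6 negative in the same fully expanded form as the existing calls, since nothing in the hunk shows whether the compressed form parses. A short comment next to `1663495771` giving the calendar date it represents would also help whoever has to regenerate the fixtures later.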
