Add context in name validation errors #301

Merged
merged 3 commits into from
Jan 16, 2025

djc
Member

@djc djc commented Dec 22, 2024

This pretty much achieves my goals and is probably workable but not quite pretty:

  • No Copy for Error means a semver-incompatible change
    • Semver-incompatible changes in webpki specifically are relatively manageable since most users don't depend on it directly
  • A little strange to get different errors for alloc vs no alloc?

I can fix test failures etc if we think this is worth doing.

@djc djc requested review from cpu and ctz December 22, 2024 16:40
@ctz
Member

ctz commented Dec 23, 2024

I think this is definitely worth doing. In the future we could also do similar treatment to:

  • CertExpired
  • CertNotValidYet
  • CrlExpired

(with the current and cert times)

The other future improvement would be to have a more detailed fmt::Display, which could say, perhaps:

certificate is not valid for "example.com".
instead, the certificate contained "*.example.com", "foobar.org".

@djc djc marked this pull request as ready for review December 23, 2024 21:16

codecov bot commented Dec 23, 2024

Codecov Report

Attention: Patch coverage is 97.67442% with 4 lines in your changes missing coverage. Please review.

Project coverage is 97.30%. Comparing base (5dc0926) to head (44fc4a6).
Report is 4 commits behind head on main.

Files with missing lines Patch % Lines
src/subject_name/dns_name.rs 94.28% 2 Missing ⚠️
src/error.rs 0.00% 1 Missing ⚠️
src/subject_name/ip_address.rs 96.66% 1 Missing ⚠️
Additional details and impacted files
@@            Coverage Diff             @@
##             main     #301      +/-   ##
==========================================
+ Coverage   97.23%   97.30%   +0.07%     
==========================================
  Files          20       20              
  Lines        4225     4343     +118     
==========================================
+ Hits         4108     4226     +118     
  Misses        117      117              


@djc
Member Author

djc commented Dec 23, 2024

> I think this is definitely worth doing. In the future we could also do similar treatment to:
>
>   • CertExpired
>   • CertNotValidYet
>   • CrlExpired
>
> (with the current and cert times)
>
> The other future improvement would be to have a more detailed fmt::Display, which could say, perhaps:
>
> certificate is not valid for "example.com".
> instead, the certificate contained "*.example.com", "foobar.org".

Good ideas! Have not implemented them yet, figure it makes sense to get this in first as a proof point and to iron out the pattern here.
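
The more detailed fmt::Display message proposed in the review above, sketched as an added example that is not part of this thread and not webpki's code. `NameError`, `verify_name` and the simplified wildcard matcher are hypothetical names and logic chosen for illustration.

```rust
use std::fmt;

// Hypothetical error type for illustration; not webpki's actual definition.
// Owning the presented names needs an allocator and rules out `Copy`.
#[derive(Debug, Clone, PartialEq)]
pub enum NameError {
    NotValidForName { expected: String, presented: Vec<String> },
}

impl fmt::Display for NameError {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        let NameError::NotValidForName { expected, presented } = self;
        // `{:?}` quotes and escapes: names from a certificate are untrusted input.
        write!(f, "certificate is not valid for {:?}.", expected)?;
        if presented.is_empty() {
            return Ok(());
        }
        write!(f, "\ninstead, the certificate contained ")?;
        for (i, name) in presented.iter().enumerate() {
            let sep = if i == 0 { "" } else { ", " };
            write!(f, "{}{:?}", sep, name)?;
        }
        write!(f, ".")
    }
}

// Simplified matcher (assumption): `*.` covers exactly one leftmost label.
fn matches(pattern: &str, name: &str) -> bool {
    let (p, n) = (pattern.to_ascii_lowercase(), name.to_ascii_lowercase());
    match p.strip_prefix("*.") {
        Some(suffix) => n.split_once('.').map_or(false, |(l, r)| !l.is_empty() && r == suffix),
        None => p == n,
    }
}

pub fn verify_name(expected: &str, presented: &[&str]) -> Result<(), NameError> {
    if presented.iter().any(|p| matches(p, expected)) {
        return Ok(());
    }
    Err(NameError::NotValidForName {
        expected: expected.to_string(),
        presented: presented.iter().map(|s| s.to_string()).collect(),
    })
}

fn main() {
    // Constructed sample names, taken from the message proposed in the thread.
    println!("{}", verify_name("example.com", &["*.example.com", "foobar.org"]).unwrap_err());
}
```

Because the names are written with `{:?}`, a presented name containing a newline or other control character is escaped and cannot add lines to a log entry.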

@djc djc force-pushed the unexpected-name branch 4 times, most recently from 7bc8a7a to 98d5332 Compare December 23, 2024 21:55
@djc djc force-pushed the unexpected-name branch 2 times, most recently from a40d2ca to c67bd76 Compare December 24, 2024 13:06
Member

@cpu cpu left a comment

Here's some initial feedback. Overall I think it's 👍

@djc djc force-pushed the unexpected-name branch from c67bd76 to 56700b4 Compare January 6, 2025 09:20
@djc djc force-pushed the unexpected-name branch 10 times, most recently from 18dc1a0 to 1757dc0 Compare January 6, 2025 13:12
@djc
Member Author

djc commented Jan 6, 2025

Fixed the test failures and tacked on some refactoring.

Member

@cpu cpu left a comment

The error context changes LGTM.

I'm a little bit nervous about the NameIterator simplification at the end w.r.t the directory_name bool change. I think it's probably OK but want to review that part of the diff with fresh eyes before I +1 the whole PR. I find the pre-existing code hard to reason about when I haven't been working in this repo recently.

If you want to pull refactoring out into a second PR to land the error improvement sooner that's OK with me too.

@cpu
Member

cpu commented Jan 14, 2025

> To see the specific tasks where the Asana app for GitHub is being used, see below:
> https://app.asana.com/0/0/1209099649554591
> https://app.asana.com/0/0/1209099649554598

Is this something you're using to track your F/OSS work? FWIW the links are 404s for me as an unauthed user so I'm not sure it's useful for Asana to be putting them in the PR desc.

@djc
Member Author

djc commented Jan 15, 2025

> Is this something you're using to track your F/OSS work? FWIW the links are 404s for me as an unauthed user so I'm not sure it's useful for Asana to be putting them in the PR desc.

Yeah, trying out Asana to track my personal tasks and its GitHub integration turned out to be more bidirectional than I thought. Will remove it.

@djc
Member Author

djc commented Jan 15, 2025

> If you want to pull refactoring out into a second PR to land the error improvement sooner that's OK with me too.

That sounds like a good idea!

@djc djc force-pushed the unexpected-name branch from 1757dc0 to d384bac Compare January 15, 2025 14:28
@djc
Member Author

djc commented Jan 15, 2025

> I'm a little bit nervous about the NameIterator simplification at the end w.r.t the directory_name bool change.

It's gone for now, will bring it back in a separate PR after this is merged.

Member

@cpu cpu left a comment

Nice :-)

@djc djc force-pushed the unexpected-name branch from d384bac to 44fc4a6 Compare January 16, 2025 10:25
@djc
Member Author

djc commented Jan 16, 2025

Will wait to see if @ctz has any more detailed feedback.

Member

@ctz ctz left a comment

(beach review: lgtm!)

@djc djc added this pull request to the merge queue Jan 16, 2025
Merged via the queue into main with commit c32bfb9 Jan 16, 2025
58 checks passed
@djc djc deleted the unexpected-name branch January 16, 2025 13:24