Description: use older branch of crate rustls-webpki
Author: Jonas Smedegaard <dr@jones.dk>
Forwarded: not-needed
Last-Update: 2025-03-23
---
This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -77,7 +77,7 @@
 time = { version = "0.3.6", default-features = false }
 tikv-jemallocator = "0.6"
 tokio = { version = "1.34", features = ["io-util", "macros", "net", "rt"] }
-webpki = { package = "rustls-webpki", version = "0.103", features = ["alloc"], default-features = false }
+webpki = { package = "rustls-webpki", version = "0.102.8", features = ["alloc"], default-features = false }
 rustls-native-certs = "0.6"
 x25519-dalek = "2"
 x509-parser = "0.17"
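Review bot: The `webpki` line moves certificate path validation to the older 0.102 branch, but neither the patch header nor the manifest says why 0.103 cannot be used or when the pin can go. As a caret requirement, `0.102.8` still accepts later 0.102.x releases, so fixes on that branch are picked up, but someone has to confirm the branch is still receiving them. Consider a comment above the line such as `# Debian: held at the rustls-webpki 0.102 branch; drop this patch once 0.103 can be used`, with the reason added to the Description field.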
--- a/rustls/src/webpki/mod.rs
+++ b/rustls/src/webpki/mod.rs
@@ -2,7 +2,7 @@
 use core::fmt;
 
 use pki_types::CertificateRevocationListDer;
-use webpki::{CertRevocationList, InvalidNameContext, OwnedCertRevocationList};
+use webpki::{CertRevocationList, OwnedCertRevocationList};
 
 use crate::error::{CertRevocationListError, CertificateError, Error, OtherError};
 #[cfg(feature = "std")]
@@ -58,27 +58,13 @@
     use webpki::Error::*;
     match error {
         BadDer | BadDerTime | TrailingData(_) => CertificateError::BadEncoding.into(),
-        CertNotValidYet { time, not_before } => {
-            CertificateError::NotValidYetContext { time, not_before }.into()
-        }
-        CertExpired { time, not_after } => {
-            CertificateError::ExpiredContext { time, not_after }.into()
-        }
-        InvalidCertValidity => CertificateError::Expired.into(),
+        CertNotValidYet => CertificateError::NotValidYet.into(),
+        CertExpired | InvalidCertValidity => CertificateError::Expired.into(),
         UnknownIssuer => CertificateError::UnknownIssuer.into(),
-        CertNotValidForName(InvalidNameContext {
-            expected,
-            presented,
-        }) => CertificateError::NotValidForNameContext {
-            expected,
-            presented,
-        }
-        .into(),
+        CertNotValidForName => CertificateError::NotValidForName.into(),
         CertRevoked => CertificateError::Revoked.into(),
         UnknownRevocationStatus => CertificateError::UnknownRevocationStatus.into(),
-        CrlExpired { time, next_update } => {
-            CertificateError::ExpiredRevocationListContext { time, next_update }.into()
-        }
+        CrlExpired => CertificateError::ExpiredRevocationList.into(),
         IssuerNotCrlSigner => CertRevocationListError::IssuerInvalidForCrl.into(),
 
         InvalidSignatureForPublicKey
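Review bot: The rewritten arms for `CertNotValidYet`, `CertExpired`, `CertNotValidForName` and `CrlExpired` now produce only the plain `CertificateError` variants. The validation time, the validity bounds and the expected/presented names therefore no longer reach logs or callers, which makes a failed handshake harder to triage. Any code outside this patch that matches only on the `...Context` variants would presumably stop seeing these failures, so it is worth grepping the dependent packages for such matches. A short comment above the arms would stop a later reader from "restoring" the context, for example `// rustls-webpki 0.102 reports these errors without context, so the plain variants are used`. The enclosing function starts and ends outside the hunk.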
@@ -205,7 +191,7 @@
             ),
         ];
         for t in testcases {
-            assert_eq!(crl_error(t.0.clone()), t.1);
+            assert_eq!(crl_error(t.0), t.1);
         }
 
         assert!(matches!(
--- a/rustls/tests/api.rs
+++ b/rustls/tests/api.rs
@@ -1677,7 +1677,7 @@
             assert_eq!(
                 err,
                 Err(ErrorFromPeer::Client(Error::InvalidCertificate(
-                    certificate_error_expecting_name("not-the-right-hostname.com")
+                    CertificateError::NotValidForName
                 )))
             );
         }
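Review bot: Replacing `certificate_error_expecting_name(...)` with `CertificateError::NotValidForName` here, and in the hunks at 1712, 1726 and 3470, probably leaves that helper without callers. Its definition is not visible in the patch, so confirm it is removed or still used; otherwise the test build gains a dead-code warning, which fails under `-D warnings`. The assertions also no longer pin which name was rejected. That is unavoidable with the context-free error, but a one-line comment at the first site would make it explicit, for example `// webpki 0.102 does not report the expected name, so only the error kind is checked`. The enclosing test functions extend outside these hunks.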
@@ -1712,7 +1712,7 @@
             assert_eq!(
                 check_server_name(client_config.clone(), server_config.clone(), "198.51.100.2"),
                 Err(ErrorFromPeer::Client(Error::InvalidCertificate(
-                    certificate_error_expecting_name("198.51.100.2")
+                    CertificateError::NotValidForName
                 )))
             );
 
@@ -1726,7 +1726,7 @@
             assert_eq!(
                 check_server_name(client_config.clone(), server_config.clone(), "2001:db8::2"),
                 Err(ErrorFromPeer::Client(Error::InvalidCertificate(
-                    certificate_error_expecting_name("2001:db8::2")
+                    CertificateError::NotValidForName
                 )))
             );
         }
@@ -1888,12 +1888,12 @@
 
             // We expect the handshake to fail since the CRL is expired.
             let err = do_handshake_until_error(&mut client, &mut server);
-            assert!(matches!(
+            assert_eq!(
                 err,
                 Err(ErrorFromPeer::Client(Error::InvalidCertificate(
-                    CertificateError::ExpiredRevocationListContext { .. }
+                    CertificateError::ExpiredRevocationList
                 )))
-            ));
+            );
 
             let client_config =
                 make_client_config_with_verifier(&[version], ignore_expiration_builder.clone());
@@ -3470,9 +3470,7 @@
         )
     );
     assert_eq!(
-        Err(Error::InvalidCertificate(certificate_error_expecting_name(
-            "not-localhost"
-        ))),
+        Err(Error::InvalidCertificate(CertificateError::NotValidForName)),
         resolver.add(
             "not-localhost",
             sign::CertifiedKey::new(kt.get_chain(), signing_key.clone())
