-
Notifications
You must be signed in to change notification settings - Fork 165
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Implement IP address validation #260
Open
ereslibre
wants to merge
7
commits into
briansmith:main
Choose a base branch
from
ereslibre:verify-ip-addresses
base: main
Could not load branches
Branch not found: {{ refName }}
Loading
Could not load tags
Nothing to show
Loading
Are you sure you want to change the base?
Some commits from the old base branch may be removed from the timeline,
and old review comments may become outdated.
Open
Commits on Oct 9, 2022
-
Implement IP address validation
Introduce `IpAddressRef`, `DnsNameOrIpRef` and the owned type `IpAddress`. Introduce a new public function `verify_is_valid_for_dns_name_or_ip` that validates a given host name or IP address against a certificate. IP addresses are only compared against Subject Alternative Names. It's possible to convert the already existing types `DnsNameRef` and `IpAddressRef` into a `DnsNameOrIpRef` for better ergonomics when calling to `verify_cert_dns_name_or_ip`. The behavior of `verify_cert_dns_name` has not been altered, and works in the same way as it has done until now, so that if `webpki` gets bumped as a dependency, it won't start accepting certificates that would have been rejected until now without notice. Neither `IpAddressRef`, `DnsNameOrIpRef` nor `IpAddress` can be instantiated directly. They must be instantiated through the `try_from_ascii` and `try_from_ascii_str` public functions. This ensures that instances of these types are correct by construction. IPv6 addresses are only validated and supported in their uncompressed form. Signed-off-by: Rafael Fernández López <ereslibre@ereslibre.es>
Configuration menu - View commit details
-
Copy full SHA for ccc6426 - Browse repository at this point
Copy the full SHA ccc6426View commit details -
current_textual_octet is [u8; 3] but it was indexed by an unbounded count of octets if they matched 1..9.
Configuration menu - View commit details
-
Copy full SHA for 6477d82 - Browse repository at this point
Copy the full SHA 6477d82View commit details -
rfc5952 says both are allowed.
Configuration menu - View commit details
-
Copy full SHA for 7bb2899 - Browse repository at this point
Copy the full SHA 7bb2899View commit details -
Configuration menu - View commit details
-
Copy full SHA for f285cd2 - Browse repository at this point
Copy the full SHA f285cd2View commit details -
textual_octets_to_octet: simplify and satisfy clippy
Seems better to convert from ascii to radix-10 at the time that is known, rather than doing that validation twice (and skipping a digit as an error handling strategy).
Configuration menu - View commit details
-
Copy full SHA for 542ab4d - Browse repository at this point
Copy the full SHA 542ab4dView commit details -
Configuration menu - View commit details
-
Copy full SHA for 036fdfa - Browse repository at this point
Copy the full SHA 036fdfaView commit details -
Configuration menu - View commit details
-
Copy full SHA for 61cd0b2 - Browse repository at this point
Copy the full SHA 61cd0b2View commit details
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.