Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Rustls webpki test harness? #88

Closed
cpu opened this issue Nov 15, 2023 · 2 comments · Fixed by #105
Closed

Rustls webpki test harness? #88

cpu opened this issue Nov 15, 2023 · 2 comments · Fixed by #105
Labels
enhancement ✨ New feature or request

Comments

@cpu
Copy link

cpu commented Nov 15, 2023

Hi folks, great project 🔒 🔨

I saw that #80 added a test harness for briansmith/webpki. Would you be willing to do similar for rustls/webpki?

The rustls project uses this fork instead of the original repository since Rustls v0.21.0. It has some capabilities not present in the original repository (like IP address subject support, and CRL based revocation checking).

We've invested in running other testing regimens like BetterTLS in-repo but are always keen for more coverage.

@woodruffw
Copy link
Collaborator

Hey @cpu, thanks for reaching out!

I'd love to integrate rustls-webpki as another harness member, but I can't guarantee a timeline for doing so -- the current harness members are mostly just to give us yes/no signals for PyCA Cryptography's own X.509 path building implementation (pyca/cryptography#2381, pyca/cryptography#8873), so we've been adding them sparingly as conflicting datapoints arise 🙂

(That being said, I may quickly build this out for funsies.)

We've invested in running other testing regimens like BetterTLS in-repo but are always keen for more coverage.

Have you considered integrating this testsuite in-repo as well? That's what PyCA Cryptography is doing, and it's how we intended it to be used. If that sounds interesting to you, I'd be happy to help with that!

For reference: here's the (WIP) harness that PyCA Cryptography is using to run x509-limbo in situ:

https://github.com/pyca/cryptography/blob/e665d3b36f0523129dee8652109414a49d82049d/tests/x509/limbo/test_limbo.py

@woodruffw woodruffw added the enhancement ✨ New feature or request label Nov 15, 2023
@cpu
Copy link
Author

cpu commented Nov 15, 2023

I'd love to integrate rustls-webpki as another harness member, but I can't guarantee a timeline for doing so

Very fair! Thanks for considering it.

Have you considered integrating this testsuite in-repo as well? That's what PyCA Cryptography is doing, and it's how we intended it to be used. If that sounds interesting to you, I'd be happy to help with that!

I hadn't, but that would be even better 👍 I haven't been following this work very closely and didn't realize it was amenable to that. I don't think I'll be able to find time to work on that in next week or so but I'll put it in my backlog for a rainy day. I appreciate the pointers and offer to help.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
enhancement ✨ New feature or request
Projects
None yet
Development

Successfully merging a pull request may close this issue.

2 participants