feat(std-net): add TLS certificate inspection #117

Open
larimonious wants to merge 4 commits into main from feat/std-net-tls-info-clean

larimonious commented Jun 7, 2026

Summary

  • Adds std/net.tls_info(host, opts?) for bounded TLS certificate inspection.
  • Returns certificate subject/issuer details, common names, SANs, validity timestamps, days remaining, serial, signature algorithm, TLS protocol/cipher, chain length, and validation status.
  • Keeps private/special target policy aligned with the rest of std/net.
  • Adds local TLS fixture coverage, typechecker coverage, generated stdlib docs, AI guide docs, and an opt-in public example.

Verification

  • cargo test --locked
  • cargo build --profile dev-release --locked
  • ./target/dev-release/ntnt docs --generate
  • ./target/dev-release/ntnt validate examples/
  • ./target/dev-release/ntnt lint examples/
  • ./target/dev-release/ntnt validate examples/std_net_tls.tnt
  • ./target/dev-release/ntnt lint examples/std_net_tls.tnt
  • NTNT_NET_TLS_EXAMPLES=1 ./target/dev-release/ntnt run examples/std_net_tls.tnt
  • git diff --check
  • independent cold review

greptile-apps Bot commented Jun 7, 2026

Greptile Summary

This PR adds TLS certificate inspection to std/net. The main changes are:

  • New tls_info(host, opts?) native function with certificate metadata and validation status.
  • Rustls-based TLS connection, certificate parsing, and root-store validation.
  • Private target policy support aligned with existing network helpers.
  • Typechecker coverage, stdlib documentation, and an opt-in public TLS example.
  • Local TLS fixture tests for metadata collection when validation fails.

Confidence Score: 5/5

This looks safe to merge.

  • No blocking issues found in the changed code.
  • The latest TLS timeout fix now uses a shared deadline through the TCP connect and nonblocking handshake loop.
  • Certificate validation uses the observed certificate chain rather than a second connection.

Important Files Changed

Filename | Overview
src/stdlib/net.rs | Adds tls_info and updates TLS handshake handling to use nonblocking I/O with a shared deadline.

Reviews (4): Last reviewed commit: "fix(std-net): enforce TLS handshake dead..."
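
The shared-deadline pattern the review summary mentions, as an added std-only sketch that is not code from this PR: one `Instant` bounds both the TCP connect and the nonblocking read loop, so a peer that stalls after accepting cannot stretch the probe past its budget. The names `remaining`, `read_by_deadline` and `probe` are hypothetical, and the plain read loop stands in for the TLS handshake I/O.

```rust
use std::io::{self, ErrorKind, Read};
use std::net::{SocketAddr, TcpListener, TcpStream};
use std::thread::sleep;
use std::time::{Duration, Instant};

/// Time left before `deadline`, or TimedOut once it has passed.
fn remaining(deadline: Instant) -> io::Result<Duration> {
    match deadline.checked_duration_since(Instant::now()) {
        Some(d) if !d.is_zero() => Ok(d),
        _ => Err(io::Error::new(ErrorKind::TimedOut, "deadline exceeded")),
    }
}

/// Nonblocking read loop: collect `want` bytes, rechecking the same deadline
/// on every pass so a stalled or slow-dripping peer cannot extend the total.
fn read_by_deadline<R: Read>(src: &mut R, want: usize, deadline: Instant) -> io::Result<Vec<u8>> {
    let mut buf = vec![0u8; want];
    let mut got = 0;
    while got < want {
        remaining(deadline)?;
        match src.read(&mut buf[got..]) {
            Ok(0) => return Err(ErrorKind::UnexpectedEof.into()),
            Ok(n) => got += n,
            Err(e) if e.kind() == ErrorKind::WouldBlock => sleep(Duration::from_millis(5)),
            Err(e) if e.kind() == ErrorKind::Interrupted => {}
            Err(e) => return Err(e),
        }
    }
    Ok(buf)
}

/// One budget for the whole probe: connect consumes part of it and the read
/// loop gets only what is left, instead of a fresh timeout per step.
fn probe(addr: SocketAddr, want: usize, budget: Duration) -> io::Result<Vec<u8>> {
    let deadline = Instant::now() + budget;
    let mut stream = TcpStream::connect_timeout(&addr, remaining(deadline)?)?;
    stream.set_nonblocking(true)?;
    read_by_deadline(&mut stream, want, deadline)
}

fn main() {
    // Constructed local peer: the kernel completes the TCP connect from the
    // listen backlog, but nothing is ever written to the socket.
    let listener = TcpListener::bind("127.0.0.1:0").unwrap();
    let err = probe(listener.local_addr().unwrap(), 5, Duration::from_millis(200)).unwrap_err();
    println!("probe ended with: {:?}", err.kind());
}
```
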
