Flatten PKI error variants
djc committed Jul 25, 2021
1 parent b84721e commit 432ed5e
Showing 8 changed files with 70 additions and 337 deletions.
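--- a/rustls-mio/tests/badssl.rs
+++ b/rustls-mio/tests/badssl.rs
@@ -38,7 +38,9 @@ mod online {
 polite();
 connect("expired.badssl.com")
 .fails()
-.expect(r"TLS error: WebPkiError\(CertExpired, ValidateServerCert\)")
+.expect(
+r#"TLS error: InvalidCertificateData\("invalid peer certificate: CertExpired"\)"#,
+)
 .go()
 .unwrap();
 }
@@ -48,7 +50,7 @@ mod online {
 polite();
 connect("wrong.host.badssl.com")
 .fails()
-.expect(r"TLS error: WebPkiError\(CertNotValidForName, ValidateForDnsName\)")
+.expect(r#"TLS error: InvalidCertificateData\("invalid peer certificate: CertNotValidForName"\)"#)
 .go()
 .unwrap();
 }
@@ -58,7 +60,9 @@ mod online {
 polite();
 connect("self-signed.badssl.com")
 .fails()
-.expect(r"TLS error: WebPkiError\((UnknownIssuer|CertExpired), ValidateServerCert\)")
+.expect(
+r#"TLS error: InvalidCertificateData\("invalid peer certificate: UnknownIssuer"\)"#,
+)
 .go()
 .unwrap();
 }
@@ -133,7 +137,9 @@ mod online {
 polite();
 connect("sha1-2016.badssl.com")
 .fails()
-.expect(r"TLS error: WebPkiError\(CertExpired, ValidateServerCert\)")
+.expect(
+r#"TLS error: InvalidCertificateData\("invalid peer certificate: CertExpired"\)"#,
+)
 .go()
 .unwrap();
 }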
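Review bot: The self-signed.badssl.com expectation (third hunk, `@@ -58,7 +60,9`) drops the `CertExpired` alternative that the old pattern `(UnknownIssuer|CertExpired)` allowed, so the test now passes only when the verifier reports the issuer failure. If that alternative existed because the site's certificate can also be expired, which is not visible from this hunk, the test will start failing for a reason unrelated to this change. Keeping it would read `r#"TLS error: InvalidCertificateData\("invalid peer certificate: (UnknownIssuer|CertExpired)"\)"#`. All four patterns in this file now match the Debug text of a string payload, so any rewording of the `invalid peer certificate:` prefix breaks them together.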
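--- a/rustls/examples/internal/bogo_shim.rs
+++ b/rustls/examples/internal/bogo_shim.rs
@@ -492,7 +492,7 @@ fn quit_err(why: &str) -> ! {
 
 fn handle_err(err: rustls::Error) -> ! {
 use rustls::internal::msgs::enums::{AlertDescription, ContentType};
-use rustls::{Error, WebPkiError};
+use rustls::Error;
 use std::{thread, time};
 
 println!("TLS error: {:?}", err);
@@ -525,13 +525,9 @@ fn handle_err(err: rustls::Error) -> ! {
 Error::AlertReceived(AlertDescription::DecompressionFailure) => {
 quit_err(":SSLV3_ALERT_DECOMPRESSION_FAILURE:")
 }
-Error::WebPkiError(WebPkiError::BadEncoding, ..) => quit(":CANNOT_PARSE_LEAF_CERT:"),
-Error::WebPkiError(WebPkiError::InvalidSignatureForPublicKey, ..) => {
-quit(":BAD_SIGNATURE:")
-}
-Error::WebPkiError(WebPkiError::UnsupportedSignatureAlgorithmForPublicKey, ..) => {
-quit(":WRONG_SIGNATURE_TYPE:")
-}
+Error::InvalidCertificateEncoding => quit(":CANNOT_PARSE_LEAF_CERT:"),
+Error::InvalidCertificateSignature => quit(":BAD_SIGNATURE:"),
+Error::InvalidCertificateSignatureType => quit(":WRONG_SIGNATURE_TYPE:"),
 Error::PeerSentOversizedRecord => quit(":DATA_LENGTH_TOO_LONG:"),
 _ => {
 println_err!("unhandled error: {:?}", err);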
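--- a/rustls/examples/internal/trytls_shim.rs
+++ b/rustls/examples/internal/trytls_shim.rs
@@ -81,7 +81,11 @@ fn communicate(
 
 if let Err(err) = client.process_new_packets() {
 return match err {
-Error::WebPkiError(..) | Error::AlertReceived(_) => Ok(Verdict::Reject(err)),
+Error::InvalidCertificateData(_)
+| Error::InvalidCertificateSignature
+| Error::InvalidCertificateSignatureType
+| Error::InvalidCertificateEncoding
+| Error::AlertReceived(_) => Ok(Verdict::Reject(err)),
 _ => Err(From::from(format!("{:?}", err))),
 };
 }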
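Review bot: The Reject arm in `communicate` now lists the four certificate variants by name, where `Error::WebPkiError(..)` used to cover every certificate failure with one pattern. Any certificate-related variant added to `Error` later will land in `_ => Err(...)` and be reported as a shim failure rather than a rejected connection, and the wildcard arm means the compiler will not flag the omission. A comment above the arm would make that coupling visible, for example `// Keep in sync with the certificate-validation variants of rustls::Error; a variant missing here is reported as a shim error, not a Reject.` The body of `communicate` starts and continues outside the hunk.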
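--- a/rustls/src/client/hs.rs
+++ b/rustls/src/client/hs.rs
@@ -2,7 +2,7 @@
 use crate::bs_debug;
 use crate::check::check_message;
 use crate::conn::{ConnectionCommon, ConnectionRandoms};
-use crate::error::{Error, WebPkiError};
+use crate::error::Error;
 use crate::hash_hs::HandshakeHashBuffer;
 use crate::key_schedule::KeyScheduleEarly;
 use crate::kx;
@@ -802,7 +802,7 @@ impl State for ExpectServerHelloOrHelloRetryRequest {
 
 pub(super) fn send_cert_error_alert(common: &mut ConnectionCommon, err: Error) -> Error {
 match err {
-Error::WebPkiError(WebPkiError::BadEncoding, _) => {
+Error::InvalidCertificateEncoding => {
 common.send_fatal_alert(AlertDescription::DecodeError);
 }
 Error::PeerMisbehavedError(_) => {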
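Review bot: `send_cert_error_alert` (second hunk) has no doc comment, and the only certificate failure it singles out by variant in the visible lines is `InvalidCertificateEncoding`, which sends `AlertDescription::DecodeError`. The test patterns elsewhere in this commit suggest that the expired, unknown-issuer and name-mismatch reasons now travel as text inside `InvalidCertificateData`, so this function could not pick a more specific alert for them without matching on strings. That may be intended, but it is worth writing down. I would add a doc comment that lists the variant-to-alert mapping, opening with `/// Sends the fatal alert that corresponds to a certificate verification error.` The remaining match arms are outside the hunk, so which alert the other variants get is not visible here.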