From b36aaf0fad524358367c2993940ff09629be5692 Mon Sep 17 00:00:00 2001
From: Brian Smith
Date: Thu, 22 Apr 2021 11:43:44 -0700
Subject: [PATCH] Make `verify_for_name` a bit more ergonomic; add a smoketest.
---
 Cargo.toml | 1 +
 src/end_entity.rs | 4 ++--
 src/name/name.rs | 7 +++++++
 tests/integration.rs | 10 ++++++++++
 4 files changed, 20 insertions(+), 2 deletions(-)
diff --git a/Cargo.toml b/Cargo.toml
index 28a5601e..cdfd2167 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -38,6 +38,7 @@ include = [
 "src/name.rs",
 "src/name/dns_name.rs",
 "src/name/ip_address.rs",
+ "src/name/name.rs",
 "src/name/verify.rs",
 "src/signed_data.rs",
 "src/time.rs",
diff --git a/src/end_entity.rs b/src/end_entity.rs
index b94486ea..8a8c57df 100644
--- a/src/end_entity.rs
+++ b/src/end_entity.rs
@@ -140,8 +140,8 @@ impl<'a> EndEntityCert<'a> {
 }
 /// Verifies that the certificate is valid for the given DNS host name.
- pub fn verify_for_name(&self, name: Name) -> Result<(), Error> {
- match name {
+ pub fn verify_for_name<'n>(&self, name: impl Into>) -> Result<(), Error> {
+ match name.into() {
 Name::DnsName(dns_name) => name::verify_cert_dns_name(&self, dns_name),
 }
 }
diff --git a/src/name/name.rs b/src/name/name.rs
index e379f126..86e776cb 100644
--- a/src/name/name.rs
+++ b/src/name/name.rs
@@ -21,3 +21,10 @@ pub enum Name<'a> {
 /// A DNS name.
 DnsName(DnsNameRef<'a>),
 }
+
+impl<'a> From> for Name<'a> {
+ #[inline]
+ fn from(name: DnsNameRef<'a>) -> Self {
+ Self::DnsName(name)
+ }
+}
diff --git a/tests/integration.rs b/tests/integration.rs
index 598641d3..8f0b0aeb 100644
--- a/tests/integration.rs
+++ b/tests/integration.rs
@@ -13,6 +13,7 @@
 // OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 use core::convert::TryFrom;
+
 extern crate webpki;
 static ALL_SIGALGS: &[&webpki::SignatureAlgorithm] = &[
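Review bot: The doc comment on `verify_for_name` in src/end_entity.rs still says "for the given DNS host name", but the new signature accepts anything convertible into `Name`, so the comment goes stale as soon as `Name` gains a second variant. The comment should also say what the method does not check: as far as this hunk shows it only dispatches to `name::verify_cert_dns_name`, and the integration test calls `verify_is_valid_tls_server_cert` separately, so a caller who invokes only `verify_for_name` would presumably accept a certificate whose chain was never validated. I would reword the summary to `/// Verifies that the certificate is valid for the given name (currently only DNS names).` and add a second doc line stating that this checks the name only and must be paired with chain validation. The enclosing `impl` block starts and ends outside the hunk.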
@@ -51,6 +52,15 @@ pub fn netflix() {
 Ok(()),
 cert.verify_is_valid_tls_server_cert(ALL_SIGALGS, &anchors, &[inter], time)
 );
+
+ let name = webpki::DnsNameRef::try_from_ascii_str("netflix.com").unwrap();
+ assert_eq!(Ok(()), cert.verify_for_name(name));
+
+ let wrong_name = webpki::DnsNameRef::try_from_ascii_str("netflix.co").unwrap();
+ assert_eq!(
+ Err(webpki::Error::CertNotValidForName),
+ cert.verify_for_name(wrong_name)
+ );
 }
 #[test]
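Review bot: The only negative case added to `netflix()` is a truncated name (`netflix.co`), so the smoketest would not notice a matcher that accepts a reference name merely because it begins with a name the certificate covers. A second rejection case with extra trailing labels would pin that the comparison is anchored at both ends, for example `let suffixed = webpki::DnsNameRef::try_from_ascii_str("netflix.com.invalid").unwrap();` followed by `assert_eq!(Err(webpki::Error::CertNotValidForName), cert.verify_for_name(suffixed));`. The expected error is inferred from `.invalid` being a reserved TLD that no SAN in the fixture should cover, so confirm it against the test certificate. `netflix()` begins outside the hunk.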