Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Redesign name validation API to allow extensibility in the types of names #218

Draft
wants to merge 2 commits into
base: main
Choose a base branch
from
Draft

Redesign name validation API to allow extensibility in the types of names #218

wants to merge 2 commits into from

Conversation

briansmith
Copy link
Owner

In particular, prepare for allowing IP addresses in an API-compatible way.

@briansmith briansmith self-assigned this Apr 21, 2021
@briansmith briansmith mentioned this pull request Apr 21, 2021
Open
@briansmith
Redesign name validation API to allow extensibility in the types of n…
4a2a921 
…ames.

In particular, prepare for allowing IP addresses in an API-compatible way.
@codecov
Copy link

codecov bot commented Apr 21, 2021
edited
Loading

Codecov Report

Merging #218 (b36aaf0) into main (81bd1e3) will increase coverage by 3.16%.
The diff coverage is 72.72%.

Impacted file tree graph

@@            Coverage Diff             @@
##             main     #218      +/-   ##
==========================================
+ Coverage   51.91%   55.07%   +3.16%     
==========================================
  Files          17       18       +1     
  Lines        2034     2048      +14     
==========================================
+ Hits         1056     1128      +72     
+ Misses        978      920      -58
Impacted Files Coverage Δ
src/lib.rs 1.49% <0.00%> (ø)
src/end_entity.rs 42.46% <44.44%> (+10.07%) ⬆️
src/name/name.rs 100.00% <100.00%> (ø)
tests/integration.rs 100.00% <100.00%> (ø)
src/name/dns_name.rs 64.62% <0.00%> (+2.16%) ⬆️
src/name/verify.rs 30.81% <0.00%> (+26.74%) ⬆️

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 81bd1e3...b36aaf0. Read the comment docs.

djc
djc previously approved these changes Apr 21, 2021
View reviewed changes
Copy link

@djc djc left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good to me!

lucab
lucab reviewed Apr 21, 2021
View reviewed changes
src/name/name.rs
/// A name that identifies a subject.
#[derive(Clone, Copy)]
#[non_exhaustive]
pub enum Name<'a> {
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

As this enum is opaque, I think the public API is missing some way for external users to build this. Possibly a DnsNameRef::to_name()?

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Probably just impl<'a> From<DnsNameRef<'a> for Name<'a>?

Copy link
Owner Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The enum isn't opaque, but I've added the From implementation anyway.

@briansmith
Copy link
Owner Author

So...here's the thing I don't like about this API: Almost definitely we're going to add IP address support to it to support a few niche users. Probably we'd eventually add other kinds of names (directoryName and emailAddress come to mind) that almost no applications will want to use--especially for TLS server names. If we have APIs with name: Into<webpki::Name> inputs, it's likely those APIs will accept these inappropriate names in contexts where they probably shouldn't. And I suppose things built on top of webpki would be tempted to have APIs with name: Into<webpki::Name> or equivalent too. Probably at least I need to update the docs for these APIs to indicate that one should be careful with that.

@djc
Copy link

djc commented Apr 22, 2021

Maybe you could set it up such that EndEntity only supports some kinds in the default configuration, and you have to explicitly enable other kinds when building the EndEntity?

@zh-jq
Copy link

zh-jq commented Jul 30, 2021

Any progress?

@rukai rukai mentioned this pull request Aug 31, 2021
Merged
3 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@djc djc djc left review comments

@lucab lucab lucab left review comments

At least 1 approving review is required to merge this pull request.

Assignees

@briansmith briansmith

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@briansmith @djc @zh-jq @lucab