subject_name: more specific errs for invalid names.

[cpu]

Previously the presented_id_matches_constraint and presented_id_matches_reference_id functions used by verify_cert_dns_name would return an Option<bool>, with the None case translated into Error::BadDer. This makes it difficult for downstream users to know that the encoding error was specific to an invalid presented DNS ID, or a DNS name constraint.

This commit introduces two new error variants: MalformedDnsIdentifier and MalformedNameConstraint. The presented_id_matches_constraint and presented_id_matches_reference_id functions are changed to return Result<bool, Error> using the new error types. This better matches the presented_id_matches_reference_id and presented_id_matches_constraint impls. used for IpAddress subjects that already return Result<bool, Error>, allowing yielding a InvalidNetworkMaskConstraint error.

Resolves #59

[codecov]

Codecov Report

Merging #60 (81656d5) into main (15acd62) will decrease coverage by 0.04%.
The diff coverage is 68.42%.

@@            Coverage Diff             @@
##             main      #60      +/-   ##
==========================================
- Coverage   93.78%   93.74%   -0.04%     
==========================================
  Files          14       13       -1     
  Lines        2573     2574       +1     
==========================================
  Hits         2413     2413              
- Misses        160      161       +1     

Impacted Files	Coverage Δ
src/end_entity.rs	54.54% <ø> (ø)
src/error.rs	25.00% <ø> (ø)
src/verify_cert.rs	89.84% <ø> (ø)
src/subject_name/dns_name.rs	86.91% <66.66%> (-0.24%)	⬇️
src/subject_name/verify.rs	95.81% <75.00%> (ø)

... and 1 file with indirect coverage changes

📣 We’re building smart automated test selection to slash your CI/CD build times. Learn more

[djc]

Nice!