Merged
Conversation
cpu
commented
Jan 4, 2024
Closed
complexspaces
requested changes
Jan 4, 2024
rustls-platform-verifier/src/tests/verification_real_world/mod.rs
Outdated
Show resolved
Hide resolved
This commit relaxes the cfg gates that previously were Linux specific to allow Unix generally. Care is taken to ensure we still handle MacOS/iOS/Android specially where required. FreeBSD in CI seems to be unable to use openssl-probe to find the system CA bundle, so we also add a BSD-specific dev-dependency on webpki-roots and update the real world verification suite to conditionally use the `Verifier::new_with_extra_roots` constructor to provide extra CA certs from webpki-roots. It might be possible to fix the FreeBSD runner so that openssl-probe works (e.g. by `curl`ing a CA bundle into a different location, or setting the `SSL_CERT_FILE` env var) but this approach has the benefit of adding coverage for `new_with_extra_roots`.
Since GitHub actions doesn't offer FreeBSD runners we follow the Quinn project's lead and use `vmactions/freebsd-vm@v1` to run a FreeBSD VM on the runner, and our tests within the VM.
complexspaces
approved these changes
Jan 5, 2024
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This branch relaxes the cfg gates that previously were Linux specific to allow Unix generally. Care is taken to ensure we still handle MacOS/iOS/Android specially where required.
FreeBSD in CI seems to be unable to use openssl-probe to find the system CA bundle, so we also add a BSD-specific dev-dependency on webpki-roots and update the real world verification suite to conditionally use the
Verifier::new_with_extra_rootsconstructor to provide extra CA certs from webpki-roots.It might be possible to fix the FreeBSD runner so that openssl-probe works (e.g. by
curling a CA bundle into a different location, or setting theSSL_CERT_FILEenv var) but this approach has the benefit of adding coverage fornew_with_extra_roots.Since GitHub actions doesn't offer FreeBSD runners we follow the Quinn project's lead and use
vmactions/freebsd-vm@v1to run a FreeBSD VM on the runner, and our tests within the VM.Resolves #53