Skip to content

Commit

Permalink
Add basic support for other Apple platforms
Browse files Browse the repository at this point in the history
  • Loading branch information
complexspaces committed Oct 17, 2024
1 parent 45c360f commit 5e6332e
Show file tree
Hide file tree
Showing 5 changed files with 29 additions and 19 deletions.
10 changes: 10 additions & 0 deletions .github/workflows/ci.yml
Original file line number Diff line number Diff line change
Expand Up @@ -33,6 +33,16 @@ jobs:
rustup component add rust-src --toolchain nightly-aarch64-apple-darwin
cargo +nightly clippy -Zbuild-std --target aarch64-apple-tvos
- name: Clippy (watchOS)
run: |
rustup component add rust-src --toolchain nightly-aarch64-apple-darwin
cargo +nightly clippy -Zbuild-std --target aarch64-apple-watchos
- name: Clippy (visionOS)
run: |
rustup component add rust-src --toolchain nightly-aarch64-apple-darwin
cargo +nightly clippy -Zbuild-std --target aarch64-apple-visionos
clippy:
name: Clippy (stable)
runs-on: ${{ matrix.os }}
Expand Down
4 changes: 2 additions & 2 deletions rustls-platform-verifier/Cargo.toml
Original file line number Diff line number Diff line change
Expand Up @@ -36,7 +36,7 @@ jni = { version = "0.19", default-features = false, optional = true } # Only use
once_cell = "1.9"
paste = { version = "1.0", default-features = false, optional = true } # Only used when `ffi-testing` feature is enabled

[target.'cfg(all(unix, not(target_os = "android"), not(target_os = "macos"), not(target_os = "ios"), not(target_os = "tvos"), not(target_arch = "wasm32")))'.dependencies]
[target.'cfg(all(unix, not(target_os = "android"), not(target_vendor = "apple"), not(target_arch = "wasm32")))'.dependencies]
rustls-native-certs = "0.7"
webpki = { package = "rustls-webpki", version = "0.102", default-features = false }

Expand All @@ -54,7 +54,7 @@ webpki-root-certs = "0.26"
[target.'cfg(target_os = "freebsd")'.dev-dependencies]
webpki-root-certs = "0.26"

[target.'cfg(any(target_os = "macos", target_os = "ios", target_os = "tvos"))'.dependencies]
[target.'cfg(any(target_vendor = "apple"))'.dependencies]
core-foundation = "0.9"
core-foundation-sys = "0.8"
security-framework = { version = "2.10", features = ["OSX_10_14"] }
Expand Down
16 changes: 11 additions & 5 deletions rustls-platform-verifier/src/tests/verification_mock/mod.rs
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,13 @@
//! any parts of the system outside of these tests. See the `#![cfg(...)]`
//! immediately below to see which platforms run these tests.
#![cfg(all(any(windows, unix, target_os = "android"), not(target_os = "tvos"),))]
#![cfg(all(
any(windows, unix, target_os = "android"),
// These OSes require a simulator runtime and bundle.
not(target_os = "tvos"),
not(target_os = "watchos"),
not(target_os = "visionos")
))]

use super::TestCase;
use crate::tests::{assert_cert_error_eq, ensure_global_state, verification_time};
Expand Down Expand Up @@ -205,31 +211,31 @@ mock_root_test_cases! {
// Check that self-signed certificates, which may or may not be revokved, do not return any
// kind of revocation error. It is expected that non-public certificates without revocation information
// have no revocation checking performed across platforms.
revoked_dns [ any(windows, target_os = "android", target_os = "macos", target_os = "ios") ] => TestCase {
revoked_dns [ any(windows, target_os = "android", target_vendor = "apple") ] => TestCase {
reference_id: EXAMPLE_COM,
chain: &[include_bytes!("root1-int1-ee_example.com-revoked.crt"), ROOT1_INT1],
stapled_ocsp: None,
verification_time: verification_time(),
expected_result: Ok(()),
other_error: no_error!(),
},
stapled_revoked_dns [ any(windows, target_os = "android", target_os = "macos", target_os = "ios") ] => TestCase {
stapled_revoked_dns [ any(windows, target_os = "android", target_vendor = "apple") ] => TestCase {
reference_id: EXAMPLE_COM,
chain: &[include_bytes!("root1-int1-ee_example.com-revoked.crt"), ROOT1_INT1],
stapled_ocsp: Some(include_bytes!("root1-int1-ee_example.com-revoked.ocsp")),
verification_time: verification_time(),
expected_result: Err(TlsError::InvalidCertificate(CertificateError::Revoked)),
other_error: no_error!(),
},
stapled_revoked_ipv4 [ any(windows, target_os = "android", target_os = "macos", target_os = "ios") ] => TestCase {
stapled_revoked_ipv4 [ any(windows, target_os = "android", target_vendor = "apple") ] => TestCase {
reference_id: LOCALHOST_IPV4,
chain: &[include_bytes!("root1-int1-ee_127.0.0.1-revoked.crt"), ROOT1_INT1],
stapled_ocsp: Some(include_bytes!("root1-int1-ee_127.0.0.1-revoked.ocsp")),
verification_time: verification_time(),
expected_result: Err(TlsError::InvalidCertificate(CertificateError::Revoked)),
other_error: no_error!(),
},
stapled_revoked_ipv6 [ any(windows, target_os = "android", target_os = "macos", target_os = "ios") ] => TestCase {
stapled_revoked_ipv6 [ any(windows, target_os = "android", target_vendor = "apple") ] => TestCase {
reference_id: LOCALHOST_IPV6,
chain: &[include_bytes!("root1-int1-ee_1-revoked.crt"), ROOT1_INT1],
stapled_ocsp: Some(include_bytes!("root1-int1-ee_1-revoked.ocsp")),
Expand Down
14 changes: 5 additions & 9 deletions rustls-platform-verifier/src/verification/mod.rs
Original file line number Diff line number Diff line change
Expand Up @@ -4,25 +4,21 @@ use std::sync::Arc;
#[cfg(all(
any(unix, target_arch = "wasm32"),
not(target_os = "android"),
not(target_os = "macos"),
not(target_os = "ios"),
not(target_os = "tvos")
not(target_vendor = "apple"),
))]
mod others;

#[cfg(all(
any(unix, target_arch = "wasm32"),
not(target_os = "android"),
not(target_os = "macos"),
not(target_os = "ios"),
not(target_os = "tvos")
not(target_vendor = "apple"),
))]
pub use others::Verifier;

#[cfg(any(target_os = "macos", target_os = "ios", target_os = "tvos"))]
#[cfg(target_vendor = "apple")]
mod apple;

#[cfg(any(target_os = "macos", target_os = "ios", target_os = "tvos"))]
#[cfg(target_vendor = "apple")]
pub use apple::Verifier;

#[cfg(target_os = "android")]
Expand Down Expand Up @@ -67,7 +63,7 @@ fn log_server_cert(_end_entity: &rustls::pki_types::CertificateDer<'_>) {

// Unknown certificate error shorthand. Used when we need to construct an "Other" certificate
// error with a platform specific error message.
#[cfg(any(windows, target_os = "macos", target_os = "ios", target_os = "tvos"))]
#[cfg(any(windows, target_vendor = "apple"))]
fn invalid_certificate(reason: impl Into<String>) -> rustls::Error {
rustls::Error::InvalidCertificate(rustls::CertificateError::Other(rustls::OtherError(
Arc::from(Box::from(reason.into())),
Expand Down
4 changes: 1 addition & 3 deletions rustls-platform-verifier/src/verification/others.rs
Original file line number Diff line number Diff line change
Expand Up @@ -124,9 +124,7 @@ impl Verifier {
#[cfg(all(
unix,
not(target_os = "android"),
not(target_os = "macos"),
not(target_os = "ios"),
not(target_os = "tvos"),
not(target_vendor = "apple")
not(target_arch = "wasm32"),
))]
match rustls_native_certs::load_native_certs() {
Expand Down

0 comments on commit 5e6332e

Please sign in to comment.