From 66e7554b03d7fdf61799e39388cdad283bb22d9e Mon Sep 17 00:00:00 2001 From: ComplexSpaces Date: Thu, 17 Oct 2024 12:18:33 -0700 Subject: [PATCH] Add basic support for other Apple platforms --- .github/workflows/ci.yml | 10 ++++++++++ rustls-platform-verifier/Cargo.toml | 4 ++-- .../src/tests/verification_mock/mod.rs | 16 +++++++++++----- rustls-platform-verifier/src/verification/mod.rs | 14 +++++--------- .../src/verification/others.rs | 4 +--- 5 files changed, 29 insertions(+), 19 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index acb4fd4..2703b5e 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -33,6 +33,16 @@ jobs: rustup component add rust-src --toolchain nightly-aarch64-apple-darwin cargo +nightly clippy -Zbuild-std --target aarch64-apple-tvos + - name: Clippy (watchOS) + run: | + rustup component add rust-src --toolchain nightly-aarch64-apple-darwin + cargo +nightly clippy -Zbuild-std --target aarch64-apple-watchos + + - name: Clippy (visionOS) + run: | + rustup component add rust-src --toolchain nightly-aarch64-apple-darwin + cargo +nightly clippy -Zbuild-std --target aarch64-apple-visionos + clippy: name: Clippy (stable) runs-on: ${{ matrix.os }} diff --git a/rustls-platform-verifier/Cargo.toml b/rustls-platform-verifier/Cargo.toml index 002a52d..8c7cdad 100644 --- a/rustls-platform-verifier/Cargo.toml +++ b/rustls-platform-verifier/Cargo.toml @@ -36,7 +36,7 @@ jni = { version = "0.19", default-features = false, optional = true } # Only use once_cell = "1.9" paste = { version = "1.0", default-features = false, optional = true } # Only used when `ffi-testing` feature is enabled -[target.'cfg(all(unix, not(target_os = "android"), not(target_os = "macos"), not(target_os = "ios"), not(target_os = "tvos"), not(target_arch = "wasm32")))'.dependencies] +[target.'cfg(all(unix, not(target_os = "android"), not(target_vendor = "apple"), not(target_arch = "wasm32")))'.dependencies] rustls-native-certs = "0.7" webpki = { package = "rustls-webpki", version = "0.102", default-features = false } @@ -54,7 +54,7 @@ webpki-root-certs = "0.26" [target.'cfg(target_os = "freebsd")'.dev-dependencies] webpki-root-certs = "0.26" -[target.'cfg(any(target_os = "macos", target_os = "ios", target_os = "tvos"))'.dependencies] +[target.'cfg(any(target_vendor = "apple"))'.dependencies] core-foundation = "0.9" core-foundation-sys = "0.8" security-framework = { version = "2.10", features = ["OSX_10_14"] } diff --git a/rustls-platform-verifier/src/tests/verification_mock/mod.rs b/rustls-platform-verifier/src/tests/verification_mock/mod.rs index f767be1..dec0b45 100644 --- a/rustls-platform-verifier/src/tests/verification_mock/mod.rs +++ b/rustls-platform-verifier/src/tests/verification_mock/mod.rs @@ -13,7 +13,13 @@ //! any parts of the system outside of these tests. See the `#![cfg(...)]` //! immediately below to see which platforms run these tests. -#![cfg(all(any(windows, unix, target_os = "android"), not(target_os = "tvos"),))] +#![cfg(all( + any(windows, unix, target_os = "android"), + // These OSes require a simulator runtime and bundle. + not(target_os = "tvos"), + not(target_os = "watchos"), + not(target_os = "visionos") +))] use super::TestCase; use crate::tests::{assert_cert_error_eq, ensure_global_state, verification_time}; @@ -205,7 +211,7 @@ mock_root_test_cases! { // Check that self-signed certificates, which may or may not be revokved, do not return any // kind of revocation error. It is expected that non-public certificates without revocation information // have no revocation checking performed across platforms. - revoked_dns [ any(windows, target_os = "android", target_os = "macos", target_os = "ios") ] => TestCase { + revoked_dns [ any(windows, target_os = "android", target_vendor = "apple") ] => TestCase { reference_id: EXAMPLE_COM, chain: &[include_bytes!("root1-int1-ee_example.com-revoked.crt"), ROOT1_INT1], stapled_ocsp: None, @@ -213,7 +219,7 @@ mock_root_test_cases! { expected_result: Ok(()), other_error: no_error!(), }, - stapled_revoked_dns [ any(windows, target_os = "android", target_os = "macos", target_os = "ios") ] => TestCase { + stapled_revoked_dns [ any(windows, target_os = "android", target_vendor = "apple") ] => TestCase { reference_id: EXAMPLE_COM, chain: &[include_bytes!("root1-int1-ee_example.com-revoked.crt"), ROOT1_INT1], stapled_ocsp: Some(include_bytes!("root1-int1-ee_example.com-revoked.ocsp")), @@ -221,7 +227,7 @@ mock_root_test_cases! { expected_result: Err(TlsError::InvalidCertificate(CertificateError::Revoked)), other_error: no_error!(), }, - stapled_revoked_ipv4 [ any(windows, target_os = "android", target_os = "macos", target_os = "ios") ] => TestCase { + stapled_revoked_ipv4 [ any(windows, target_os = "android", target_vendor = "apple") ] => TestCase { reference_id: LOCALHOST_IPV4, chain: &[include_bytes!("root1-int1-ee_127.0.0.1-revoked.crt"), ROOT1_INT1], stapled_ocsp: Some(include_bytes!("root1-int1-ee_127.0.0.1-revoked.ocsp")), @@ -229,7 +235,7 @@ mock_root_test_cases! { expected_result: Err(TlsError::InvalidCertificate(CertificateError::Revoked)), other_error: no_error!(), }, - stapled_revoked_ipv6 [ any(windows, target_os = "android", target_os = "macos", target_os = "ios") ] => TestCase { + stapled_revoked_ipv6 [ any(windows, target_os = "android", target_vendor = "apple") ] => TestCase { reference_id: LOCALHOST_IPV6, chain: &[include_bytes!("root1-int1-ee_1-revoked.crt"), ROOT1_INT1], stapled_ocsp: Some(include_bytes!("root1-int1-ee_1-revoked.ocsp")), diff --git a/rustls-platform-verifier/src/verification/mod.rs b/rustls-platform-verifier/src/verification/mod.rs index e55d71d..baf3ce4 100644 --- a/rustls-platform-verifier/src/verification/mod.rs +++ b/rustls-platform-verifier/src/verification/mod.rs @@ -4,25 +4,21 @@ use std::sync::Arc; #[cfg(all( any(unix, target_arch = "wasm32"), not(target_os = "android"), - not(target_os = "macos"), - not(target_os = "ios"), - not(target_os = "tvos") + not(target_vendor = "apple"), ))] mod others; #[cfg(all( any(unix, target_arch = "wasm32"), not(target_os = "android"), - not(target_os = "macos"), - not(target_os = "ios"), - not(target_os = "tvos") + not(target_vendor = "apple"), ))] pub use others::Verifier; -#[cfg(any(target_os = "macos", target_os = "ios", target_os = "tvos"))] +#[cfg(target_vendor = "apple")] mod apple; -#[cfg(any(target_os = "macos", target_os = "ios", target_os = "tvos"))] +#[cfg(target_vendor = "apple")] pub use apple::Verifier; #[cfg(target_os = "android")] @@ -67,7 +63,7 @@ fn log_server_cert(_end_entity: &rustls::pki_types::CertificateDer<'_>) { // Unknown certificate error shorthand. Used when we need to construct an "Other" certificate // error with a platform specific error message. -#[cfg(any(windows, target_os = "macos", target_os = "ios", target_os = "tvos"))] +#[cfg(any(windows, target_vendor = "apple"))] fn invalid_certificate(reason: impl Into) -> rustls::Error { rustls::Error::InvalidCertificate(rustls::CertificateError::Other(rustls::OtherError( Arc::from(Box::from(reason.into())), diff --git a/rustls-platform-verifier/src/verification/others.rs b/rustls-platform-verifier/src/verification/others.rs index 9a0c39b..a7f4c23 100644 --- a/rustls-platform-verifier/src/verification/others.rs +++ b/rustls-platform-verifier/src/verification/others.rs @@ -124,9 +124,7 @@ impl Verifier { #[cfg(all( unix, not(target_os = "android"), - not(target_os = "macos"), - not(target_os = "ios"), - not(target_os = "tvos"), + not(target_vendor = "apple"), not(target_arch = "wasm32"), ))] match rustls_native_certs::load_native_certs() {