Fix OpenSslCertificateException error code validation#6581
Closed
normanmaurer wants to merge 1 commit into4.1from
Closed
Fix OpenSslCertificateException error code validation#6581normanmaurer wants to merge 1 commit into4.1from
normanmaurer wants to merge 1 commit into4.1from
Conversation
normanmaurer
commented
Mar 29, 2017
|
|
||
| // Package-private for testing | ||
| static boolean isValid(int errorCode) { | ||
| return errorCode == CertificateVerifier.X509_V_OK || |
Member
Author
There was a problem hiding this comment.
can't use a switch here :(
normanmaurer
commented
Mar 29, 2017
| // Package-private for testing | ||
| static boolean isValid(int errorCode) { | ||
| return errorCode == CertificateVerifier.X509_V_OK || | ||
| errorCode == CertificateVerifier.X509_V_ERR_UNSPECIFIED || |
Member
Author
There was a problem hiding this comment.
@Scottmitch I am not sure if this should life here or if we should better move it to tcnative. WDYT ?
fenik17
reviewed
Mar 29, 2017
| errorCode == CertificateVerifier.X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT || | ||
| errorCode == CertificateVerifier.X509_V_ERR_UNABLE_TO_GET_CRL || | ||
| errorCode == CertificateVerifier.X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE || | ||
| errorCode == CertificateVerifier. X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE || |
Contributor
There was a problem hiding this comment.
nit: out of place a whitespace
fenik17
reviewed
Mar 29, 2017
| errorCode == CertificateVerifier.X509_V_ERR_INVALID_NON_CA || | ||
| errorCode == CertificateVerifier.X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED || | ||
| errorCode == CertificateVerifier.X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE || | ||
| errorCode == CertificateVerifier. X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED || |
Contributor
There was a problem hiding this comment.
nit: out of place a whitespace
31b4871 to
75b27e9
Compare
Member
Author
|
@fenik17 PTAL again |
fenik17
reviewed
Mar 29, 2017
Contributor
There was a problem hiding this comment.
needless whitespace still here )
fenik17
reviewed
Mar 29, 2017
75b27e9 to
b301f9d
Compare
fenik17
approved these changes
Mar 29, 2017
fenik17
reviewed
Mar 29, 2017
Contributor
There was a problem hiding this comment.
in manmaster 404 for this link..
b301f9d to
98936ff
Compare
Member
|
@normanmaurer - regarding #6581 (comment) ... it seems less likely we will miss updating the validation logic if the validation code lives in tcnative ... and there is a clear relationship between the values and the validation code. |
Member
Author
|
@Scottmitch yep sounds good to me as well. Let me move it to tcnative |
98936ff to
d4c38a7
Compare
Member
Author
|
This depends on netty/netty-tcnative#260 |
Scottmitch
requested changes
Mar 31, 2017
| do { | ||
| errorCode++; | ||
| assert errorCode < Integer.MAX_VALUE; | ||
| } while (CertificateVerifier.isValid(errorCode)); |
Member
There was a problem hiding this comment.
simplify this test just like we did in tcnative.
Motivation: In OpenSslCertificateException we tried to validate the supplied error code but did not correctly account for all different valid error codes and so threw an IllegalArgumentException. Modifications: - Fix validation by updating to latest netty-tcnative and use CertificateVerifier.isValid - Add unit tests Result: Validation of error code works as expected.
Member
Author
|
Addressed |
d4c38a7 to
c0db3df
Compare
Scottmitch
approved these changes
Mar 31, 2017
Member
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Motivation:
In OpenSslCertificateException we tried to validate the supplied error code but did not correctly account for all different valid error codes and so threw an IllegalArgumentException.
Modifications:
Result:
Validation of error code works as expected.