aiortc / aioquic

QUIC and HTTP/3 implementation in Python
BSD 3-Clause "New" or "Revised" License

Only load certifi if no alternates have been specified. [#476] #479

Closed rthalley closed 3 months ago

rthalley commented 4 months ago

This makes tls.py only load the certifi CA info if no alternate CA configuration has been specified.

codecov[bot] commented 4 months ago

Codecov Report

All modified and coverable lines are covered by tests :white_check_mark:

Project coverage is 100.00%. Comparing base (ae282aa) to head (1c71326).

Additional details and impacted files

```diff
@@            Coverage Diff            @@
##              main      #479   +/-   ##
=========================================
  Coverage   100.00%   100.00%
=========================================
  Files           25        25
  Lines         4966      4967    +1
=========================================
+ Hits          4966      4967    +1
```


rthalley commented 4 months ago

I have tested this by hand and it still has 100% coverage, but there is no unit test specifically that a certificate valid from certifi's POV is NOT valid if a cafile with just a self-signed cert is provided. I haven't come up with a good way to do this yet, as I didn't want to check a real but probably short-lived certificate into the repo, nor did I want to require live Internet.
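The property described in the comment above can be checked fully offline by generating throwaway CAs in memory, so nothing short-lived is committed and no network is needed. This is an added example, not aioquic code: `select_anchors` and `is_trusted` are hypothetical helpers that model the "bundle only if no alternates" rule and a simplified issuer-plus-signature check, and it assumes the `cryptography` package is installed.

```python
import datetime

from cryptography import x509
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import NameOID


def cn(value):
    return x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, value)])


def make_cert(subject, subject_key, issuer, issuer_key):
    """Issue a one-hour throwaway certificate in memory (constructed test data)."""
    now = datetime.datetime.now(datetime.timezone.utc)
    return (
        x509.CertificateBuilder()
        .subject_name(cn(subject))
        .issuer_name(cn(issuer))
        .public_key(subject_key.public_key())
        .serial_number(x509.random_serial_number())
        .not_valid_before(now - datetime.timedelta(minutes=5))
        .not_valid_after(now + datetime.timedelta(hours=1))
        .sign(issuer_key, hashes.SHA256())
    )


def select_anchors(bundle, alternates):
    """Hypothetical model of the rule: use the bundle only if no alternates are given."""
    return list(alternates) if alternates else list(bundle)


def is_trusted(leaf, anchors):
    """Simplified check: issuer name and signature only, no dates or extensions."""
    algo = ec.ECDSA(leaf.signature_hash_algorithm)
    for anchor in (a for a in anchors if a.subject == leaf.issuer):
        try:
            anchor.public_key().verify(leaf.signature, leaf.tbs_certificate_bytes, algo)
            return True
        except InvalidSignature:
            pass
    return False


# Constructed data: "bundle CA" stands in for a certifi root, "private CA" for the cafile.
bundle_key, private_key, leaf_key = (ec.generate_private_key(ec.SECP256R1()) for _ in range(3))
bundle_ca = make_cert("bundle CA", bundle_key, "bundle CA", bundle_key)
private_ca = make_cert("private CA", private_key, "private CA", private_key)
leaf = make_cert("server.example", leaf_key, "bundle CA", bundle_key)
```

With `select_anchors([bundle_ca], [private_ca])` the leaf is rejected, while a store holding both CAs together would accept it, which is the case the rule is meant to exclude.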

jlaine commented 3 months ago

> I have tested this by hand and it still has 100% coverage, but there is no unit test specifically that a certificate valid from certifi's POV is NOT valid if a cafile with just a self-signed cert is provided. I haven't come up with a good way to do this yet, as I didn't want to check a real but probably short-lived certificate into the repo, nor did I want to require live Internet.

Yeah I don't see a good way of testing this, but I'll live with it.

jlaine commented 3 months ago

Uh-oh, CI failed:

https://github.com/aiortc/aioquic/actions/runs/8225502073/job/22490610307