certifi / gocertifi

(Go Distribution) A carefully curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts.
http://certifi.io
Mozilla Public License 2.0

gen: parse PEM file before generating certifi.go #15

Closed dolmen closed 5 years ago

dolmen commented 5 years ago

When generating (updating certs), verify that the downloaded certificate file is parseable before producing certifi.go.

mattrobenolt commented 5 years ago

Is there a reason to also do it in here? We already have a test to verify that it’s parsable, which is what I run after generating.

dolmen commented 5 years ago

The point of this test is to fail early. I see no point in generating an invalid certifi.go file.

This is a basic check of the PEM file. I intend to provide more checks such as verifying that certificates do not expire before at least 3 months or some Mozilla policies. Many of those checks are needed only when the certificates are upgraded.

So far certifi_test.go only checks the public API of certifi, and it can't do much as the CertPool type doesn't even expose the certificate data.
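A sketch of the fail-early check discussed in this thread, added here as an example and not taken from the gocertifi generator: it parses every PEM block in a downloaded bundle and rejects the bundle before any code is generated. The names `checkBundle` and `selfSigned`, the 90-day reading of "at least 3 months", and the throwaway certificate used as input are assumptions of the example.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// checkBundle (hypothetical helper) returns the certificate count, or an error on the first bad block.
func checkBundle(bundle []byte, now time.Time, minLeft time.Duration) (int, error) {
	n, rest := 0, bundle
	for {
		var block *pem.Block
		if block, rest = pem.Decode(rest); block == nil {
			break
		}
		cert, err := x509.ParseCertificate(block.Bytes)
		if block.Type != "CERTIFICATE" || err != nil {
			return n, fmt.Errorf("block %d (%s): not a parseable certificate: %v", n, block.Type, err)
		}
		if cert.NotAfter.Before(now.Add(minLeft)) {
			return n, fmt.Errorf("block %d: expires too soon (%s)", n, cert.NotAfter.Format(time.RFC3339))
		}
		n++
	}
	if n == 0 || bytes.Contains(rest, []byte("-----BEGIN")) { // pem.Decode skips damaged blocks silently
		return n, fmt.Errorf("empty bundle or truncated block after %d certificates", n)
	}
	return n, nil
}

// selfSigned builds a constructed throwaway certificate (sample input, not a real root).
func selfSigned(notAfter time.Time) []byte {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), NotBefore: notAfter.AddDate(-1, 0, 0), NotAfter: notAfter}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, key)
	if err != nil {
		panic(err)
	}
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
}

func main() {
	fmt.Println(checkBundle(selfSigned(time.Now().AddDate(1, 0, 0)), time.Now(), 90*24*time.Hour))
}
```

The trailing `-----BEGIN` check matters because `pem.Decode` returns nil for a truncated final block in the same way it does at a clean end of input.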

dolmen commented 5 years ago

ping