enable tests with expired cert

fix verify_chain test by ignoring CERT_EXPIRED error
fortanix · Dec 20, 2022 · 98948fc · 98948fc
1 parent 9cdb8ea
commit 98948fc
Showing 1 changed file with 5 additions and 9 deletions.
diff --git a/mbedtls/src/x509/certificate.rs b/mbedtls/src/x509/certificate.rs
@@ -100,6 +100,7 @@ impl Certificate {
         let mut cert = MbedtlsBox::<Certificate>::init()?;
         unsafe { x509_crt_parse((&mut (*cert)).into(), pem.as_ptr(), pem.len()) }.into_result()?;
 
+
         if !(*cert).inner.next.is_null() {
             // Use from_pem_multiple for parsing multiple certificates in a pem.
             return Err(Error::X509BadInputData);
@@ -571,7 +572,7 @@ impl MbedtlsList<Certificate> {
         self.inner.is_none()
     }
 
-    pub fn push(&mut self, certificate: MbedtlsBox<Certificate>) {
+    pub fn push(&mut self, certificate: MbedtlsBox<Certificate>) -> () {
         self.append(MbedtlsList::<Certificate> { inner: Some(certificate) });
     }
 
@@ -1023,15 +1024,12 @@ cYp0bH/RcPTC0Z+ZaqSWMtfxRrk63MJQF9EXpDCdvQRcTMD9D85DJrMKn8aumq0M
             // try again after fixing the chain
             chain.push(c_int2.clone());
 
-
-            let mut err_str = String::new();
-
+            // ignore cert expired error
             let verify_callback = |_crt: &Certificate, _depth: i32, verify_flags: &mut VerifyError| {
                 verify_flags.remove(VerifyError::CERT_EXPIRED);
                 Ok(())
             };
-
-            Certificate::verify(&chain, &mut c_root, None, None).unwrap();
+            let mut err_str = String::new();
             let res = Certificate::verify_with_callback(&chain, &mut c_root, None, Some(&mut err_str), verify_callback);
 
             match res {
@@ -1046,13 +1044,11 @@ cYp0bH/RcPTC0Z+ZaqSWMtfxRrk63MJQF9EXpDCdvQRcTMD9D85DJrMKn8aumq0M
             chain.push(c_int1.clone());
             chain.push(c_int2.clone());
 
-            Certificate::verify(&chain, &mut c_root, None, None).unwrap();
-
+            // ignore cert expired error
             let verify_callback = |_crt: &Certificate, _depth: i32, verify_flags: &mut VerifyError| {
                 verify_flags.remove(VerifyError::CERT_EXPIRED);
                 Ok(())
             };
-
             let mut err_str = String::new();
             let res = Certificate::verify_with_callback(&chain, &mut c_root, None, Some(&mut err_str), verify_callback);