)]}' { "commit": "df3b58ea74c50ff785ab902be3b007ff008d3e3c", "tree": "e87b42c56fbc1fcd290454b333d4f6230fd8d483", "parents": [ "a9a3ca49444bb1efac115e64d3ab469c54bec984" ], "author": { "name": "Roland Shoemaker", "email": "bracewell@google.com", "time": "Mon Aug 21 09:45:18 2023 -0700" }, "committer": { "name": "Boringssl LUCI CQ", "email": "boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com", "time": "Wed Feb 28 18:04:35 2024 +0000" }, "message": "Generate certs on the fly in runner, pass trusted cert to shim\n\nRather than using the pre-generated certificates, generate them on the\nfly. This allows TLS stacks for which certificate validation and\nverification are coupled to work as expected. Certificates and keys are\nwritten to temporary files which are then passed to the shim, and\ncleaned up on exit. This requires reworking how testCase passes\ncerts/keys by adding a new field, sendCertificate, rather than manually\nsetting the -cert-file and -key-file flags. Incidentally the\nrsaChainCertificate is removed, since it was essentially unused, and all\ntests that used it also work with rsaCertificate. Finally, include a\nsingle SAN (\"test\") in all certificates, which fixes some TLS stacks\nwhich require this to operate (such as rustls, which currently\nregenerates all the certificates currently in the tree to add a SAN).\n\nAdditionally, add a new flag, -trust-cert, which tells the the shim\nwhich certificates it should trust. Shims for TLS stacks which\ncan completely decouple validation and verification of X509 certificates\n(like BoringSSL) can ignore this flag, but for stacks where this\nfunctionality is somewhat more intertwined (like Go), this allows the\nshim to properly process the sent certificates.\n\nChange-Id: Ic5c63e18fb2b852cc693aacb3b06cfe7993bc90c\nReviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/62565\nCommit-Queue: David Benjamin \u003cdavidben@google.com\u003e\nReviewed-by: David Benjamin \u003cdavidben@google.com\u003e\n", "tree_diff": [ { "type": "delete", "old_id": "c360dc73177a9ba295c728cbc6cd3663482ef180", "old_mode": 33188, "old_path": "ssl/test/runner/cert.pem", "new_id": "0000000000000000000000000000000000000000", "new_mode": 0, "new_path": "/dev/null" }, { "type": "modify", "old_id": "604752bcdaca2fd6e394b02de49486a99ceb06d3", "old_mode": 33188, "old_path": "ssl/test/runner/channel_id_key.pem", "new_id": "83eb53a459a6db5c33b635dc3fd18bdc8b5ef9c4", "new_mode": 33188, "new_path": "ssl/test/runner/channel_id_key.pem" }, { "type": "modify", "old_id": "f7dcb9bf47c6c1152bf014e3183343007cc57205", "old_mode": 33188, "old_path": "ssl/test/runner/cipher_suites.go", "new_id": "656a8c1fe896600a283e6236b2e5fdab2756b1fd", "new_mode": 33188, "new_path": "ssl/test/runner/cipher_suites.go" }, { "type": "modify", "old_id": "676826f017b7f9fcacb6f8b09638a0a0de57b302", "old_mode": 33188, "old_path": "ssl/test/runner/common.go", "new_id": "5bb533d3693c73d486549a3ab0b43c1d7d71844e", "new_mode": 33188, "new_path": "ssl/test/runner/common.go" }, { "type": "delete", "old_id": "29246a2eac338aa755644809bb78a96efcf4724a", "old_mode": 33188, "old_path": "ssl/test/runner/ecdsa_p224_cert.pem", "new_id": "0000000000000000000000000000000000000000", "new_mode": 0, "new_path": "/dev/null" }, { "type": "delete", "old_id": "50bcbf5bfdbe92ae0282c8fdaa82f93fd6fbd63b", "old_mode": 33188, "old_path": "ssl/test/runner/ecdsa_p256_cert.pem", "new_id": "0000000000000000000000000000000000000000", "new_mode": 0, "new_path": "/dev/null" }, { "type": "delete", "old_id": "1fd3fec63dc4a6d847e0ab8db48ed42f02371625", "old_mode": 33188, "old_path": "ssl/test/runner/ecdsa_p384_cert.pem", "new_id": "0000000000000000000000000000000000000000", "new_mode": 0, "new_path": "/dev/null" }, { "type": "delete", "old_id": "8b9a1e8384a9b9cee757ef093363c4e9e2b128f1", "old_mode": 33188, "old_path": "ssl/test/runner/ecdsa_p521_cert.pem", "new_id": "0000000000000000000000000000000000000000", "new_mode": 0, "new_path": "/dev/null" }, { "type": "delete", "old_id": "308c2c9d284e56b4f6e8b249d7f394d4b959b250", "old_mode": 33188, "old_path": "ssl/test/runner/ed25519_cert.pem", "new_id": "0000000000000000000000000000000000000000", "new_mode": 0, "new_path": "/dev/null" }, { "type": "modify", "old_id": "e6db3f4ff857105feefca4bd930baf848b8cd944", "old_mode": 33188, "old_path": "ssl/test/runner/handshake_client.go", "new_id": "9b57b5907d36b5fc109e4cca60215757de072413", "new_mode": 33188, "new_path": "ssl/test/runner/handshake_client.go" }, { "type": "modify", "old_id": "aeb950bb974deacf5bafc3dc19ea0c0bd2b227a0", "old_mode": 33188, "old_path": "ssl/test/runner/handshake_server.go", "new_id": "8ad49cae22468b2288c0955568e9c61422ad4cda", "new_mode": 33188, "new_path": "ssl/test/runner/handshake_server.go" }, { "type": "modify", "old_id": "95ef5317755b4b5c33f240dcd8f48d0747c4a0b5", "old_mode": 33188, "old_path": "ssl/test/runner/key_agreement.go", "new_id": "e5138523fc6447db282758569ad694d6b0e1951e", "new_mode": 33188, "new_path": "ssl/test/runner/key_agreement.go" }, { "type": "delete", "old_id": "4de4f49a34d0b30502d374ee1503727e4d145a03", "old_mode": 33188, "old_path": "ssl/test/runner/rsa_1024_cert.pem", "new_id": "0000000000000000000000000000000000000000", "new_mode": 0, "new_path": "/dev/null" }, { "type": "rename", "old_id": "aeba1865d637845cf8dcf36c6dca00f4a3bcab0d", "old_mode": 33188, "old_path": "ssl/test/runner/key.pem", "new_id": "aeba1865d637845cf8dcf36c6dca00f4a3bcab0d", "new_mode": 33188, "new_path": "ssl/test/runner/rsa_2048_key.pem", "score": 100 }, { "type": "delete", "old_id": "8eb6e60edadf736bd759563e8f39b79214f9ea43", "old_mode": 33188, "old_path": "ssl/test/runner/rsa_chain_cert.pem", "new_id": "0000000000000000000000000000000000000000", "new_mode": 0, "new_path": "/dev/null" }, { "type": "delete", "old_id": "d94d7044225b43116a01da2b108cf2e9cbfe30a6", "old_mode": 33188, "old_path": "ssl/test/runner/rsa_chain_key.pem", "new_id": "0000000000000000000000000000000000000000", "new_mode": 0, "new_path": "/dev/null" }, { "type": "modify", "old_id": "8ddb590983af6e87c36bc0d0c2fe9524f0941356", "old_mode": 33188, "old_path": "ssl/test/runner/runner.go", "new_id": "c787f058a4bfd16b5fd7aad400b4b03d9b66102c", "new_mode": 33188, "new_path": "ssl/test/runner/runner.go" }, { "type": "modify", "old_id": "6e57d181970a4582adcec797cdad919eeffceffb", "old_mode": 33188, "old_path": "ssl/test/runner/tls.go", "new_id": "bd94275ce27e9ca249edad58dd34dc7246cab3ea", "new_mode": 33188, "new_path": "ssl/test/runner/tls.go" }, { "type": "modify", "old_id": "c6cbb776c78c45e6d7a581cc855d1e13e629deab", "old_mode": 33188, "old_path": "ssl/test/test_config.cc", "new_id": "71812c59bbc8dfe53ced29e99384ad6da4625985", "new_mode": 33188, "new_path": "ssl/test/test_config.cc" }, { "type": "modify", "old_id": "f302ff251ab6e3ae09ae1bc652baf7ebf6debd3d", "old_mode": 33188, "old_path": "ssl/test/test_config.h", "new_id": "4be2b604cecd0c9a31e203df77c3dbd23b0fd30d", "new_mode": 33188, "new_path": "ssl/test/test_config.h" }, { "type": "modify", "old_id": "6c793d2d69aafff25cd28c209a5e1392ac6c0021", "old_mode": 33188, "old_path": "util/run_android_tests.go", "new_id": "acc5c6bf1736a49a978d8740083f498b8f407c45", "new_mode": 33188, "new_path": "util/run_android_tests.go" } ] }