Merge branch 'main' into install_nix_ktls

maddeleine · Dec 10, 2024 · 07dc4b4 · 07dc4b4
2 parents 82a5adc + 3c4ea72
commit 07dc4b4
Show file tree

Hide file tree

Showing 13 changed files with 636 additions and 251 deletions.
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -10,13 +10,27 @@ updates:
     directory: "/.github/workflows"
     schedule:
       interval: "daily"
+    groups:
+      all-gha-updates:
+        patterns:
+          - "*"
 
-  # Maintain dependencies for cargo
+  # permissive-MSRV, batch updates are acceptable
   - package-ecosystem: "cargo"
     directories:
-      - "/bindings/rust"
       - "/bindings/rust-examples"
       - "/tests/pcap"
       - "/tests/regression"
     schedule:
       interval: "daily"
+    groups:
+      all-cargo-updates:
+        patterns:
+          - "*"
+
+  # restricted-MSRV, so don't do batch updates
+  - package-ecosystem: "cargo"
+    directories:
+      - "/bindings/rust"
+    schedule:
+      interval: "daily"
diff --git a/bindings/rust/s2n-tls/src/callbacks/pkey.rs b/bindings/rust/s2n-tls/src/callbacks/pkey.rs
@@ -128,7 +128,7 @@ mod tests {
         testing::{self, *},
     };
     use core::task::{Poll, Waker};
-    use futures_test::task::new_count_waker;
+    use futures_test::task::{new_count_waker, noop_waker};
     use openssl::{ec::EcKey, ecdsa::EcdsaSig};
 
     type Error = Box<dyn std::error::Error>;
@@ -350,4 +350,52 @@ mod tests {
         assert_test_error(err, ERROR);
         Ok(())
     }
+
+    /// pkey offload should also work with public certs created from
+    /// [CertificateChain::from_public_pems].
+    #[test]
+    fn app_owned_public_cert() -> Result<(), Error> {
+        struct TestPkeyCallback;
+        impl PrivateKeyCallback for TestPkeyCallback {
+            fn handle_operation(
+                &self,
+                conn: &mut connection::Connection,
+                op: PrivateKeyOperation,
+            ) -> Result<Option<Pin<Box<dyn ConnectionFuture>>>, error::Error> {
+                ecdsa_sign(op, conn, KEY)?;
+                Ok(None)
+            }
+        }
+
+        let public_chain = {
+            let mut chain = crate::cert_chain::Builder::new()?;
+            chain.load_public_pem(CERT)?;
+            chain.build()?
+        };
+
+        let server_config = {
+            let mut config = config::Builder::new();
+            config
+                .set_security_policy(&security::DEFAULT_TLS13)?
+                .load_chain(public_chain)?
+                .set_private_key_callback(TestPkeyCallback)?;
+            config.build()?
+        };
+
+        let client_config = {
+            let mut config = config::Builder::new();
+            config
+                .set_security_policy(&security::DEFAULT_TLS13)?
+                .set_verify_host_callback(InsecureAcceptAllCertificatesHandler {})?
+                .trust_pem(CERT)?;
+            config.build()?
+        };
+
+        let mut pair = TestPair::from_configs(&client_config, &server_config);
+        pair.server.set_waker(Some(&noop_waker()))?;
+
+        assert!(pair.handshake().is_ok());
+
+        Ok(())
+    }
 }