Add pki-https feature to prevent local cert validation on all-features#1091
Add pki-https feature to prevent local cert validation on all-features#1091benalleng wants to merge 1 commit intopayjoin:masterfrom
Conversation
| set -e | ||
|
|
||
| cargo test --locked --package payjoin-cli --verbose --all-features | ||
| cargo test --locked --package payjoin-cli --verbose --no-default-features --features "v1,v2,_manual-tls" |
There was a problem hiding this comment.
The tests fail with the previous setup where all features obviously prevents these tests from working as expected
| for feature in "${features[@]}"; do | ||
| # Don't duplicate --all-targets clippy. Clilppy end-user code, not tests. | ||
| cargo clippy --no-default-features --features "$feature" -- -D warnings | ||
| cargo clippy --no-default-features --features "$feature,_manual-tls" -- -D warnings |
There was a problem hiding this comment.
There is a holdout with the certificate_key in the config being dead code when building with just v1 or v2 enabled.
|
@benalleng
|
Rip, my keyboard's w key is broken and either gets 0 presses or 2+, will amend, but this will likely happen again 😢 |
Pull Request Test Coverage Report for Build 17841014742Details
💛 - Coveralls |
benalleng
force-pushed
the
payjoin-cli-pki-feature
branch
from
88f4424 to
afe69a9
Compare
|
Code coverage is down 5.5% which probably means we're skipping over some tests here. |
benalleng
force-pushed
the
payjoin-cli-pki-feature
branch
2 times, most recently
from
ef714af to
f1be0cf
Compare
|
I am a little confused about what is being skipped here, based on this it seems like every test in the e2e-cli is still run |
By adding a pki-https flag and creating specific cfg flags through the cli crate we can effectively prevent local cert validation from occurring when building the crate with all features. I think perhaps some more clarification is needed as to how we want to handle tests in these cases.
benalleng
force-pushed
the
payjoin-cli-pki-feature
branch
from
f1be0cf to
7d8163a
Compare
|
hmm, isn't we no longer skip certificate verification anywhere, instead we just allow a root certificate to be added manually, which is a useful feature in its own right and not necessarily insecure unless i'm missing something i think the issue can be closed without merging this and we can just rename and document the _manual_tls flag accordingly |
|
Ok, I wasn't sure if we wanted to go a step further and prevent these manual root certificate functions accessible at all when building with |
|
Yeah it happened in several steps, I guess technically #913 resolved it, but i forgot to note that since the intent was to fix a testing problem |
5 participants
By adding a pki-https flag and creating specific cfg flags through the cli crate we can effectively prevent local cert validation from occurring when building the crate with all features.
I think perhaps some more clarification is needed as to how we want to handle tests in these cases.
Closes #451
Chat gpt helped me grok once and for all how cfg flags work
Pull Request Checklist
Please confirm the following before requesting review:
AI
in the body of this PR.