Add comment on SSL certificate's subject and issuer parsing.

Orange-OpenSource · Jun 5, 2024 · 2f5b28a · 2f5b28a
1 parent 07aab17
commit 2f5b28a
Showing 1 changed file with 18 additions and 0 deletions.
diff --git a/packages/hurl/src/http/certificate.rs b/packages/hurl/src/http/certificate.rs
@@ -54,13 +54,31 @@ impl TryFrom<CertInfo> for Certificate {
     }
 }
 
+/// Parses certificate's subject attribute.
+///
+/// TODO: we're exposing the subject and issuer directly from libcurl. In the certificate, these
+/// properties are list of pair of key-value.
+/// Through libcurl, these lists are serialized to a string:
+///
+/// Example:
+/// vec![("C","US"),("O","Google Trust Services LLC"),("CN","GTS Root R1"))] =>
+/// "C = US, O = Google Trust Services LLC, CN = GTS Root R1"
+///
+/// We should normalize the serialization (use 'A = B' or 'A=B') to always have the same issuer/
+/// subject given a certain certificate. Actually the value can differ on different platforms, for
+/// a given certificate.
+///
+/// See:
+/// - <integration/hurl/ssl/cacert_to_json.out.pattern>
+/// - https://curl.se/mail/lib-2024-06/0013.html
 fn parse_subject(attributes: &HashMap<String, String>) -> Result<String, String> {
     match attributes.get("subject") {
         None => Err(format!("missing Subject attribute in {attributes:?}")),
         Some(value) => Ok(value.clone()),
     }
 }
 
+/// Parses certificate's issuer attribute.
 fn parse_issuer(attributes: &HashMap<String, String>) -> Result<String, String> {
     match attributes.get("issuer") {
         None => Err(format!("missing Issuer attribute in {attributes:?}")),