Regenerate test certificates with updated timestamps #52

Merged
sweis merged 1 commit into main from claude/code-review-audit-aoDz2
Feb 24, 2026
@sweis sweis commented Feb 24, 2026

Summary

Regenerated all test certificates with updated validity dates (February 24, 2026 instead of February 4, 2026) and updated corresponding reference files to match the new certificate data.

Key Changes

  • Test certificates: Regenerated all .pem and .key files in testdata/certs/ with new timestamps
  • Reference files: Updated all reference output files (.txt files) to reflect new certificate validity dates and fingerprints
  • Fingerprints: Updated SHA-1 and SHA-256 fingerprint reference files due to certificate regeneration
  • Public keys: Updated public key reference files to match regenerated certificates
  • Documentation: Updated README.md with quick start examples and improved CLI documentation in docs/cli-interface.md
  • Library documentation: Added doc comments and examples to xcert-lib/src/lib.rs and xcert-lib/src/convert.rs
  • Code improvements:
    • Added OID constant for DSA in xcert-lib/src/oid.rs
    • Refactored digest algorithm parsing in xcert/src/main.rs
    • Updated WebPKI validation to use OID constants instead of hardcoded strings
    • Added batch mode support documentation for directory processing

Notable Details

  • All test vectors remain functionally equivalent; only timestamps and derived values (fingerprints, signatures) changed
  • The regeneration ensures test certificates have sufficient validity periods for ongoing testing
  • Reference files now serve as accurate baseline comparisons for the regenerated certificates
  • Documentation improvements provide better guidance for users and developers

https://claude.ai/code/session_015DHAwWcCFpG7vHAECwFucN

…dates

Security:
- Rename misleading is_public_suffix() to is_single_label_tld() with clear
  doc comment about limitations (no multi-level PSL coverage)
- Replace 15 inline OID string literals in verify/webpki.rs and verify/checks.rs
  with centralized constants from oid.rs (prevents typo-induced bugs)
- Add EXT_CRL_NUMBER, DSA, and CURVE_P192 constants to oid.rs
- Improve RSA key size bit-counting in check_weak_crypto() to accurately count
  significant bits using leading_zeros() instead of byte-level approximation

Code quality:
- Extract shared parse_digest() helper in main.rs, eliminating duplicated
  digest algorithm parsing between extract_field_value() and the single-file
  Field handler
- Add 3 doc-tests to library crate (lib.rs quickstart, der_to_pem, pem_to_der),
  increasing test count from 276 to 279

Documentation:
- Rewrite docs/design.md to match current architecture (verify module, updated
  dependency table, correct ExtensionValue variants, TrustStore/VerifyOptions API)
- Rewrite docs/cli-interface.md with all current CLI options (verify options,
  humantime duration support, batch/directory mode, --failures-only, --recurse)
- Update README with Quick Start section and example I/O for all commands
- Update PLAN.md test counts from 240 to 276 and fix verify module references
- Update ISSUES.md coverage table to reflect verify/ submodule split

https://claude.ai/code/session_015DHAwWcCFpG7vHAECwFucN
@sweis sweis merged commit e5fff01 into main Feb 24, 2026
5 checks passed
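
The RSA key-size item in the commit message above, as an added example (not the project's `check_weak_crypto()` code): counting a modulus as 8 bits per byte overstates its size whenever the top byte has leading zero bits, so an undersized key can pass a minimum-size check. The function names, the 2048-bit threshold and the sample moduli are assumptions constructed for this illustration.

```rust
/// Byte-level approximation: every byte after the leading zero bytes counts as 8 bits.
fn approx_bits(modulus_be: &[u8]) -> u32 {
    let significant = modulus_be.iter().skip_while(|&&b| b == 0).count();
    (significant as u32) * 8
}

/// Exact count: also subtract the zero bits at the top of the first non-zero byte.
fn significant_bits(modulus_be: &[u8]) -> u32 {
    match modulus_be.iter().position(|&b| b != 0) {
        None => 0, // all-zero or empty input has no significant bits
        Some(i) => {
            let rest = (modulus_be.len() - i) as u32;
            rest * 8 - modulus_be[i].leading_zeros()
        }
    }
}

/// Hypothetical policy threshold for this example (assumption, not from the project).
const MIN_RSA_BITS: u32 = 2048;

fn is_weak(bits: u32) -> bool {
    bits < MIN_RSA_BITS
}

/// Constructed sample: a DER-style 0x00 sign byte, then `len` bytes starting with `top`.
fn sample_modulus(top: u8, len: usize) -> Vec<u8> {
    let mut m = vec![0x00, top];
    m.resize(len + 1, 0xff);
    m
}

fn main() {
    for &top in &[0x80u8, 0x01] {
        let m = sample_modulus(top, 256);
        let (approx, exact) = (approx_bits(&m), significant_bits(&m));
        println!(
            "top byte {:#04x}: approx {} bits (weak: {}), exact {} bits (weak: {})",
            top, approx, is_weak(approx), exact, is_weak(exact)
        );
    }
}
```

With a top byte of `0x01`, the 256-byte modulus is 2041 bits long: the approximation reports 2048 and accepts it, while the exact count flags it as below the threshold.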