upstream: github.com/mirage/ca-certs
test: use same decoding code as ca_certs.ml
+16
-2
+16
-2
test/tests.ml
+16
-2
test/tests.ml
···
957
957
958
958
let ta () =
959
959
let open Rresult.R.Infix in
960
-
Ca_certs.trust_anchors () >>= fun data ->
961
-
X509.Certificate.decode_pem_multiple (Cstruct.of_string data)
960
+
Ca_certs.trust_anchors () >>| fun data ->
961
+
(* we cannot use decode_pem_multiple since this fails on the first
962
+
undecodable certificate - while we'd like to stay operational, and ignore
963
+
some certificates *)
964
+
let sep = "-----END CERTIFICATE-----" in
965
+
let certs = Astring.String.cuts ~sep ~empty:false data in
966
+
let cas =
967
+
List.fold_left
968
+
(fun acc data ->
969
+
let data = data ^ sep in
970
+
match X509.Certificate.decode_pem (Cstruct.of_string data) with
971
+
| Ok ca -> ca :: acc
972
+
| Error _ -> acc)
973
+
[] certs
974
+
in
975
+
List.rev cas
962
976
963
977
let () =
964
978
let tas = Rresult.R.get_ok (ta ()) in