resolve more issues

Author: ammario

.github/workflows/tests.yml

@@ -24,21 +24,24 @@ jobs:
       - name: Setup Rust cache
         uses: Swatinem/rust-cache@v2
 
+      - name: Install nextest
+        uses: taiki-e/install-action@nextest
+
       - name: Build
         run: cargo build --verbose
 
       - name: Run unit tests
-        run: cargo test --bins --verbose
+        run: cargo nextest run --bins --verbose
 
       - name: Run smoke tests
-        run: cargo test --test smoke_test --verbose
+        run: cargo nextest run --test smoke_test --verbose
 
       - name: Run macOS integration tests (with sudo)
         run: |
           # The tests require root privileges for PF rules on macOS
           # GitHub Actions provides passwordless sudo on macOS runners
-          # Use -E to preserve environment and full path to cargo
-          sudo -E $(which cargo) test --test macos_integration --verbose
+          # Use -E to preserve environment and full path to cargo and nextest
+          sudo -E $(which cargo) nextest run --test macos_integration --verbose
 
   test-linux:
     name: Linux Tests
@@ -58,17 +61,17 @@ jobs:
       - name: Setup Rust cache
         uses: Swatinem/rust-cache@v2
 
+      - name: Install nextest
+        uses: taiki-e/install-action@nextest
+
       - name: Build
         run: cargo build --verbose
 
       - name: Run unit tests
-        run: cargo test --bins --verbose
+        run: cargo nextest run --bins --verbose
 
       - name: Run smoke tests
-        run: cargo test --test smoke_test --verbose
-
-      - name: Run jail integration tests
-        run: cargo test --test jail_integration --verbose
+        run: cargo nextest run --test smoke_test --verbose
 
       - name: Debug TLS environment
         run: |
@@ -83,8 +86,8 @@ jobs:
           # Ensure ip netns support is available
           sudo ip netns list || true
           # Run the Linux-specific jail tests with root privileges
-          # Use full path to cargo since sudo doesn't preserve PATH
-          sudo -E $(which cargo) test --test linux_integration --verbose
+          # Use full path to cargo and nextest since sudo doesn't preserve PATH
+          sudo -E $(which cargo) nextest run --test linux_integration --verbose
 
   test-weak:
     name: Weak Mode Integration Tests (Linux)
@@ -101,11 +104,14 @@ jobs:
       - name: Setup Rust cache
         uses: Swatinem/rust-cache@v2
 
+      - name: Install nextest
+        uses: taiki-e/install-action@nextest
+
       - name: Build
         run: cargo build --verbose
 
       - name: Run weak mode integration tests
-        run: cargo test --test weak_integration --verbose
+        run: cargo nextest run --test weak_integration --verbose
 
   clippy:
     name: Clippy

README.md

@@ -19,6 +19,7 @@ A cross-platform tool for monitoring and restricting HTTP/HTTPS requests from pr
 - [ ] Expand test cases to include WebSockets
 - [ ] Add Linux support with parity with macOS
 - [ ] Add robust firewall cleanup mechanism for Linux and macOS
+- [ ] Support/test concurrent jailing across macOS and Linux
 
 ## Quick Start
 

src/tls.rs

@@ -7,7 +7,7 @@ use std::fs;
 use std::num::NonZeroUsize;
 use std::path::PathBuf;
 use std::sync::{Arc, RwLock};
-use tracing::{debug, info, warn};
+use tracing::{debug, info};
 
 const CERT_CACHE_SIZE: usize = 1024;
 
@@ -224,11 +224,6 @@ impl CertificateManager {
             cert_der.len()
         );
 
-        // Validate the certificate can be parsed (this might catch ASN.1 issues early)
-        if let Err(e) = rustls::pki_types::CertificateDer::try_from(cert_der.as_ref()) {
-            warn!("Generated certificate has encoding issues: {}", e);
-        }
-
         // Also include CA cert in chain
         let ca_cert_der = self.ca_cert.der().clone();
         // ca_cert_der is already the correct type
@@ -289,14 +284,12 @@ impl CertificateManager {
                 Some(PathBuf::from("/root/.config/httpjail/ca-cert.pem")),
             ];
 
-            for path_option in &possible_paths {
-                if let Some(path) = path_option {
-                    if path.exists() {
-                        ca_path = Utf8PathBuf::try_from(path.clone())
-                            .context("CA cert path is not valid UTF-8")?;
-                        debug!("Found CA certificate at alternate location: {}", ca_path);
-                        break;
-                    }
+            for path in possible_paths.iter().flatten() {
+                if path.exists() {
+                    ca_path = Utf8PathBuf::try_from(path.clone())
+                        .context("CA cert path is not valid UTF-8")?;
+                    debug!("Found CA certificate at alternate location: {}", ca_path);
+                    break;
                 }
             }
 

tests/common/mod.rs

@@ -1,6 +1,7 @@
 #![allow(dead_code)] // These are utility functions used across different test modules
 
 use std::process::Command;
+use std::str::FromStr;
 
 /// Build httpjail binary and return the path
 pub fn build_httpjail() -> Result<String, String> {