Improve Toitdoc.

.github/workflows/ci.yml

@@ -5,6 +5,13 @@ on:
   release:
     types: [published]
 
+env:
+  TOIT_VERSION: v2.0.0-alpha.100
+  # Will be set in the 'Setup constants' step
+  TOIT_URL:
+  # Will be set in the 'Setup constants' step
+  DOWNLOAD_DIR:
+
 jobs:
   build:
     strategy:
@@ -19,8 +26,6 @@ jobs:
       - name: Setup constants
         shell: bash
         run: |
-          TOIT_VERSION=v2.0.0-alpha.91
-          echo "TOIT_VERSION=$TOIT_VERSION" >> $GITHUB_ENV
           export DOWNLOAD_DIR="${{ github.workspace }}/downloads"
           echo "DOWNLOAD_DIR=$DOWNLOAD_DIR" >> $GITHUB_ENV
           if [[ "$RUNNER_OS" = "Linux" ]]; then

.gitignore

@@ -1 +1,4 @@
 .packages/
+/build/
+/tools/extract-nss-root-certs/
+

package.yaml

@@ -1,5 +1,5 @@
-name: certificate_roots
+name: certificate-roots
 description: The root certificates needed to connect to HTTPS servers on the public web.
 license: MPL-2.0
 environment:
-  sdk: ^2.0.0-alpha.91
+  sdk: ^2.0.0-alpha.100

src/get_root.toit → src/get-root.toit

@@ -4,7 +4,7 @@
 
 import tls
 
-import .certificate_roots
+import .certificate-roots
 
 /**
 Takes an exception caused by trying to connect to an HTTPS
@@ -16,22 +16,22 @@ Due to memory limitations it is not normally possible to add
   all known root certificates to a socket.  Therefore you
   will normally add the one root certificate that you need.
   If you want to be able to connect to arbitrary HTTPS servers
-  you can make an attempt with one root (eg $GLOBALSIGN_ROOT_CA)
+  you can make an attempt with one root (eg $GLOBALSIGN-ROOT-CA)
   and then use this to parse the exception and get the correct
   root for a second attempt.
 */
-get_root_from_exception exception/string -> tls.RootCertificate?:
+get-root-from-exception exception/string -> tls.RootCertificate?:
   INTRO ::= "Site relies on unknown root certificate: '"
-  if not exception.starts_with INTRO: return null
-  cn_index := exception.index_of "CN="
-  if cn_index == -1: return null
-  cn_index += 3
-  cn_end_index := exception[cn_index..].index_of ","
-  if cn_end_index == -1:
-    cn_end_index = exception[cn_index..].index_of "'"
-  if cn_end_index == -1: return null
-  common_name := exception[cn_index..][..cn_end_index]
-  cert := MAP.get common_name
+  if not exception.starts-with INTRO: return null
+  cn-index := exception.index-of "CN="
+  if cn-index == -1: return null
+  cn-index += 3
+  cn-end-index := exception[cn-index..].index-of ","
+  if cn-end-index == -1:
+    cn-end-index = exception[cn-index..].index-of "'"
+  if cn-end-index == -1: return null
+  common-name := exception[cn-index..][..cn-end-index]
+  cert := MAP.get common-name
   if cert == null: return null
-  print "Found cert $common_name"
+  print "Found cert $common-name"
   return cert

tests/parse_x509_test.toit

@@ -2,13 +2,13 @@
 // Use of this source code is governed by a Zero-Clause BSD license that can
 // be found in the tests/TESTS_LICENSE file.
 
-import certificate_roots
+import certificate-roots
 import expect show *
 
 main:
-  dst := certificate_roots.DST_ROOT_CA_X3
-  cyber := certificate_roots.CYBERTRUST_GLOBAL_ROOT
-  globalsign := certificate_roots.GLOBALSIGN_ROOT_CA_R2
-  expect_not_equals dst cyber
-  expect_not_equals dst globalsign
-  expect_not_equals cyber globalsign
+  baltimore := certificate-roots.BALTIMORE-CYBERTRUST-ROOT
+  amazon-1 := certificate-roots.AMAZON-ROOT-CA-1
+  comodo := certificate-roots.COMODO-AAA-SERVICES-ROOT
+  expect-not-equals baltimore amazon-1
+  expect-not-equals amazon-1 comodo
+  expect-not-equals comodo baltimore

tests/tls_global_cert_test_slow.toit

@@ -2,7 +2,7 @@
 // Use of this source code is governed by a Zero-Clause BSD license that can
 // be found in the tests/LICENSE file.
 
-import certificate_roots show *
+import certificate-roots show *
 import expect show *
 import net
 import net.tcp
@@ -11,44 +11,44 @@ import system
 import system show platform
 import tls
 
-expect_error name [code]:
+expect-error name [code]:
   error := catch code
   expect: error.contains name
 
 monitor LimitLoad:
   current := 0
-  has_test_failure := null
+  has-test-failure := null
   // FreeRTOS does not have enough memory to run in parallel.
-  concurrent_processes ::= platform == system.PLATFORM-FREERTOS ? 1 : 4
+  concurrent-processes ::= platform == system.PLATFORM-FREERTOS ? 1 : 4
 
   inc:
-    await: current < concurrent_processes
+    await: current < concurrent-processes
     current++
 
   flush:
     await: current == 0
 
-  test_failures:
+  test-failures:
     await: current == 0
-    return has_test_failure
+    return has-test-failure
 
-  log_test_failure message:
-    has_test_failure = message
+  log-test-failure message:
+    has-test-failure = message
 
   dec:
     current--
 
-load_limiter := LimitLoad
+load-limiter := LimitLoad
 
 main:
-  install_common_trusted_roots
+  install-common-trusted-roots
   network := net.open
   try:
-    run_tests network
+    run-tests network
   finally:
     network.close
 
-run_tests network/net.Client:
+run-tests network/net.Client:
   amazon-ip := (network.resolve "amazon.com").first
 
   working := [
@@ -76,37 +76,37 @@ run_tests network/net.Client:
     "signal.org",  // Starfield root.
     ]
   working.do: | site |
-    test_site network site
-    if load_limiter.has_test_failure: throw load_limiter.has_test_failure  // End early if we have a test failure.
-  if load_limiter.test_failures:
-    throw load_limiter.has_test_failure
+    test-site network site
+    if load-limiter.has-test-failure: throw load-limiter.has-test-failure  // End early if we have a test failure.
+  if load-limiter.test-failures:
+    throw load-limiter.has-test-failure
 
-test_site network/net.Client url:
+test-site network/net.Client url:
   host := url
-  extra_info := null
+  extra-info := null
   if host.contains "/":
     parts := host.split "/"
     host = parts[0]
-    extra_info = parts[1]
+    extra-info = parts[1]
   port := 443
   if url.contains ":":
     array := url.split ":"
     host = array[0]
     port = int.parse array[1]
-  load_limiter.inc
-  task:: working_site network host port extra_info
+  load-limiter.inc
+  task:: working-site network host port extra-info
 
-working_site network/net.Client host port expected_certificate_name:
+working-site network/net.Client host port expected-certificate-name:
   error := true
   try:
-    connect_to_site network host port expected_certificate_name
+    connect-to-site network host port expected-certificate-name
     error = false
   finally:
     if error:
-      load_limiter.log_test_failure "*** Incorrectly failed to connect to $host ***"
-    load_limiter.dec
+      load-limiter.log-test-failure "*** Incorrectly failed to connect to $host ***"
+    load-limiter.dec
 
-connect_to_site network/net.Client host port expected_certificate_name:
+connect-to-site network/net.Client host port expected-certificate-name:
   bytes := 0
   connection := null
 
@@ -115,12 +115,12 @@ connect_to_site network/net.Client host port expected_certificate_name:
     raw = network.tcp-connect host port
 
     socket := tls.Socket.client raw
-      --server_name=expected_certificate_name or host
+      --server-name=expected-certificate-name or host
 
     try:
       writer := socket.out
       writer.write """GET / HTTP/1.1\r\nHost: $host\r\nConnection: close\r\n\r\n"""
-      print "$host: $((socket as any).session_.mode == tls.SESSION_MODE_TOIT ? "Toit mode" : "MbedTLS mode")"
+      print "$host: $((socket as any).session_.mode == tls.SESSION-MODE-TOIT ? "Toit mode" : "MbedTLS mode")"
 
       while data := socket.in.read:
         bytes += data.size

tests/trivial_test.toit

@@ -2,7 +2,7 @@
 // Use of this source code is governed by a Zero-Clause BSD license that can
 // be found in the tests/TESTS_LICENSE file.
 
-import certificate_roots
+import certificate-roots
 
 main:
-  certificate_roots.install_common_trusted_roots
+  certificate-roots.install-common-trusted-roots