Skip to content

Do not use NotBefore=0 in certs validity periods#458

Merged
ivmarkov merged 2 commits into
project-chip:mainfrom
sysgrok:validity-periods
May 22, 2026
Merged

Do not use NotBefore=0 in certs validity periods#458
ivmarkov merged 2 commits into
project-chip:mainfrom
sysgrok:validity-periods

Conversation

@ivmarkov
Copy link
Copy Markdown
Contributor

@ivmarkov ivmarkov commented May 22, 2026

This is #454 except with all Gemini code review comments addressed (and future comments to be addressed too).

gemini-code-assist[bot]
gemini-code-assist Bot reviewed May 22, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@gemini-code-assist gemini-code-assist Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request introduces configurable certificate validity periods for the commissioner module, replacing hardcoded values with a new Validity parameter in FabricCredentials and NocGenerator. It also defines a DEFAULT_VALIDITY constant designed to avoid collisions with CHIP's epoch-0 sentinel. The review feedback highlights that while the API is now public, the Validity struct fields remain pub(crate), preventing external users from creating custom validity periods. Additionally, there is a suggestion to consolidate the Validity type and its default constant to reduce API fragmentation.

Comment thread rs-matter/src/commissioner/fabric_credentials.rs
Comment thread rs-matter/src/commissioner/noc_generator.rs Outdated
@ivmarkov ivmarkov force-pushed the validity-periods branch from b626f0e to 13b9963 Compare May 22, 2026 19:02
@ivmarkov ivmarkov mentioned this pull request May 22, 2026
Closed
2 tasks
@github-actions
Copy link
Copy Markdown

github-actions Bot commented May 22, 2026

PR #458: Size comparison from 6c53af6 to 44e62ab

Full report (8 builds for (core), dimmable-light, onoff-light, onoff-light-bt, speaker)
platform target config section 6c53af6 44e62ab change % change
(core) riscv32imac-unknown-none-elf infodefmt-optz-ltofat FLASH 446972 446972 0 0.0
RAM 71056 71056 0 0.0
thumbv6m-none-eabi infodefmt-optz-ltofat FLASH 361528 361528 0 0.0
RAM 66628 66628 0 0.0
thumbv7em-none-eabi infodefmt-optz-ltofat FLASH 339296 339296 0 0.0
RAM 66404 66404 0 0.0
x86_64-unknown-linux-gnu infologs-optz-ltofat FLASH 875171 875171 0 0.0
RAM 71386 71386 0 0.0
dimmable-light x86_64-unknown-linux-gnu infologs-optz-ltofat FLASH 2054256 2054256 0 0.0
RAM 60368 60368 0 0.0
onoff-light x86_64-unknown-linux-gnu infologs-optz-ltofat FLASH 1981256 1981256 0 0.0
RAM 59536 59536 0 0.0
onoff-light-bt x86_64-unknown-linux-gnu infologs-optz-ltofat FLASH 3364912 3364912 0 0.0
RAM 5776 5776 0 0.0
speaker x86_64-unknown-linux-gnu infologs-optz-ltofat FLASH 2016808 2016808 0 0.0
RAM 5472 5472 0 0.0

@ivmarkov ivmarkov merged commit b23a6ab into project-chip:main May 22, 2026
14 checks passed
@ivmarkov ivmarkov mentioned this pull request May 26, 2026
Closed
4 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@gemini-code-assist gemini-code-assist[bot] gemini-code-assist[bot] left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@ivmarkov