wireapp · coriolinus · Apr 28, 2026 · Apr 28, 2026 · Apr 28, 2026 · Apr 28, 2026
diff --git a/certval/src/builder/uri_utils.rs b/certval/src/builder/uri_utils.rs
@@ -228,7 +228,7 @@ pub async fn fetch_to_buffer(
                 let fname_from_response = response
                     .url()
                     .path_segments()
-                    .and_then(|segments| segments.last())
+                    .and_then(|mut segments| segments.next_back())
                     .and_then(|name| if name.is_empty() { None } else { Some(name) })
                     .unwrap_or("tmp.bin");
 

diff --git a/certval/src/environment/pki_environment.rs b/certval/src/environment/pki_environment.rs
@@ -74,19 +74,19 @@ pub struct PkiEnvironment {
     //Storage and retrieval interfaces
     //--------------------------------------------------------------------------
     /// List of trait objects that provide access to trust anchors
-    trust_anchor_sources: Vec<Box<(dyn TrustAnchorSource + Send + Sync)>>,
+    trust_anchor_sources: Vec<Box<dyn TrustAnchorSource + Send + Sync>>,
 
     /// List of trait objects that provide access to certificates
-    certificate_sources: Vec<Box<(dyn CertificateSource + Send + Sync)>>,
+    certificate_sources: Vec<Box<dyn CertificateSource + Send + Sync>>,
 
     /// List of trait objects that provide access to CRLs
-    crl_sources: Vec<Box<(dyn CrlSource + Send + Sync)>>,
+    crl_sources: Vec<Box<dyn CrlSource + Send + Sync>>,
 
     /// List of trait objects that provide access to cached revocation status determinations
-    revocation_cache: Vec<Box<(dyn RevocationStatusCache + Send + Sync)>>,
+    revocation_cache: Vec<Box<dyn RevocationStatusCache + Send + Sync>>,
 
     /// List of trait objects that provide access to blocklist and last modified info
-    check_remote: Vec<Box<(dyn CheckRemoteResource + Send + Sync)>>,
+    check_remote: Vec<Box<dyn CheckRemoteResource + Send + Sync>>,
 
     //--------------------------------------------------------------------------
     //Miscellaneous interfaces
@@ -268,7 +268,7 @@ impl PkiEnvironment {
     }
 
     /// add_trust_anchor_source adds a [`TrustAnchorSource`] object to the list used by get_trust_anchor.
-    pub fn add_trust_anchor_source(&mut self, c: Box<(dyn TrustAnchorSource + Send + Sync)>) {
+    pub fn add_trust_anchor_source(&mut self, c: Box<dyn TrustAnchorSource + Send + Sync>) {
         self.trust_anchor_sources.push(c);
     }
 
@@ -366,7 +366,7 @@ impl PkiEnvironment {
     }
 
     /// add_certificate_source adds a [`CertificateSource`] object to the list.
-    pub fn add_certificate_source(&mut self, c: Box<(dyn CertificateSource + Send + Sync)>) {
+    pub fn add_certificate_source(&mut self, c: Box<dyn CertificateSource + Send + Sync>) {
         self.certificate_sources.push(c);
     }
 
@@ -398,7 +398,7 @@ impl PkiEnvironment {
     }
 
     /// add_crl_source adds a [`CrlSource`] object to the list.
-    pub fn add_crl_source(&mut self, c: Box<(dyn CrlSource + Send + Sync)>) {
+    pub fn add_crl_source(&mut self, c: Box<dyn CrlSource + Send + Sync>) {
         self.crl_sources.push(c);
     }
 
@@ -451,7 +451,7 @@ impl PkiEnvironment {
     }
 
     /// add_revocation_cache adds a [`RevocationStatusCache`] object to the list.
-    pub fn add_revocation_cache(&mut self, c: Box<(dyn RevocationStatusCache + Send + Sync)>) {
+    pub fn add_revocation_cache(&mut self, c: Box<dyn RevocationStatusCache + Send + Sync>) {
         self.revocation_cache.push(c);
     }
 
@@ -528,7 +528,7 @@ impl PkiEnvironment {
     }
 
     /// add_check_remote adds a [`CheckRemoteResource`] object to the list.
-    pub fn add_check_remote(&mut self, c: Box<(dyn CheckRemoteResource + Send + Sync)>) {
+    pub fn add_check_remote(&mut self, c: Box<dyn CheckRemoteResource + Send + Sync>) {
         self.check_remote.push(c);
     }
 

diff --git a/certval/src/revocation/crl.rs b/certval/src/revocation/crl.rs
@@ -546,7 +546,7 @@ pub(crate) fn get_crl_info(crl: &CertificateList) -> Result<CrlInfo> {
                             }
                             if idp_name.is_none() {
                                 // not supporting non-DN/URI DPs
-                                return Err(Error::Unrecognized.into());
+                                return Err(Error::Unrecognized);
                             }
                         }
                         Some(DistributionPointName::NameRelativeToCRLIssuer(_unsupported)) => {

diff --git a/certval/src/source/cert_source.rs b/certval/src/source/cert_source.rs
diff --git a/certval/src/validator/path_validator.rs b/certval/src/validator/path_validator.rs
@@ -273,14 +273,8 @@ pub fn check_names(
     // Read input variables from path settings
     let mut pbufs = BTreeMap::new();
     let mut ebufs = BTreeMap::new();
-    let initial_perm = match get_initial_permitted_subtrees_as_set(cps, &mut pbufs) {
-        Ok(ip) => ip,
-        Err(e) => return Err(e),
-    };
-    let initial_excl = match get_initial_excluded_subtrees_as_set(cps, &mut ebufs) {
-        Ok(ie) => ie,
-        Err(e) => return Err(e),
-    };
+    let initial_perm = get_initial_permitted_subtrees_as_set(cps, &mut pbufs)?;
+    let initial_excl = get_initial_excluded_subtrees_as_set(cps, &mut ebufs)?;
 
     // for convenience, combine target into array with the intermediate CA certs
     let mut v = cp.intermediates.clone();
@@ -650,12 +644,9 @@ pub fn enforce_trust_anchor_constraints(
                 if let PDVExtension::NameConstraints(nc) = nc {
                     if let Some(permitted) = &nc.permitted_subtrees {
                         let mut initial_perm =
-                            match get_initial_permitted_subtrees_with_default_as_set(
+                            get_initial_permitted_subtrees_with_default_as_set(
                                 cps, &mut pbufs,
-                            ) {
-                                Ok(ip) => ip,
-                                Err(e) => return Err(e),
-                            };
+                            )?;
                         initial_perm.calculate_union(permitted);
                         set_initial_permitted_subtrees_from_set(&mut mod_cps, &initial_perm);
                     }
@@ -667,10 +658,7 @@ pub fn enforce_trust_anchor_constraints(
         if let Some(PDVExtension::NameConstraints(nc)) = name_constraints {
             if let Some(excluded) = &nc.excluded_subtrees {
                 let mut initial_excl =
-                    match get_initial_excluded_subtrees_with_default_as_set(cps, &mut ebufs) {
-                        Ok(ie) => ie,
-                        Err(e) => return Err(e),
-                    };
+                    get_initial_excluded_subtrees_with_default_as_set(cps, &mut ebufs)?;
                 initial_excl.calculate_union(excluded);
                 set_initial_excluded_subtrees_from_set(&mut mod_cps, &initial_excl);
             }

diff --git a/certval/src/validator/pdv_trust_anchor.rs b/certval/src/validator/pdv_trust_anchor.rs
@@ -129,7 +129,7 @@ impl TryFrom<&TrustAnchor<'_>> for PDVTrustAnchorChoice {
         let key_id = match spki.subject_public_key.as_bytes() {
             Some(b) => Sha1::digest(b),
             None => {
-                error!("Failed to calculate key identifier for {}", n.to_string());
+                error!("Failed to calculate key identifier for {}", n);
                 return Err(Error::Unrecognized);
             }
         };

diff --git a/certval/src/validator/policy_graph.rs b/certval/src/validator/policy_graph.rs
@@ -61,17 +61,17 @@ pub fn check_certificate_policies_graph(
 
     // Initialize state variables (RFC 6.1.2 a, d, e, and f)
     let mut valid_policy_graph = Vec::<PolicyTreeRow>::new();
-    let mut explicit_policy: u32 = if let true = initial_explicit_policy_indicator {
+    let mut explicit_policy: u32 = if initial_explicit_policy_indicator {
         0
     } else {
         certs_in_cert_path + 1
     };
-    let mut inhibit_any_policy: u32 = if let true = initial_inhibit_any_policy_indicator {
+    let mut inhibit_any_policy: u32 = if initial_inhibit_any_policy_indicator {
         0
     } else {
         certs_in_cert_path + 1
     };
-    let mut policy_mapping: u32 = if let true = initial_policy_mapping_inhibit_indicator {
+    let mut policy_mapping: u32 = if initial_policy_mapping_inhibit_indicator {
         0
     } else {
         certs_in_cert_path + 1

diff --git a/certval/src/validator/policy_tree.rs b/certval/src/validator/policy_tree.rs
@@ -61,17 +61,17 @@ pub fn check_certificate_policies(
 
     // Initialize state variables (RFC 6.1.2 a, d, e, and f)
     let mut valid_policy_tree = Vec::<PolicyTreeRow>::new();
-    let mut explicit_policy: u32 = if let true = initial_explicit_policy_indicator {
+    let mut explicit_policy: u32 = if initial_explicit_policy_indicator {
         0
     } else {
         certs_in_cert_path + 1
     };
-    let mut inhibit_any_policy: u32 = if let true = initial_inhibit_any_policy_indicator {
+    let mut inhibit_any_policy: u32 = if initial_inhibit_any_policy_indicator {
         0
     } else {
         certs_in_cert_path + 1
     };
-    let mut policy_mapping: u32 = if let true = initial_policy_mapping_inhibit_indicator {
+    let mut policy_mapping: u32 = if initial_policy_mapping_inhibit_indicator {
         0
     } else {
         certs_in_cert_path + 1