diff --git a/openssl/src/x509/extension.rs b/openssl/src/x509/extension.rs
new file mode 100644
index 00000000..b7f5fc52
--- /dev/null
+++ b/openssl/src/x509/extension.rs
@@ -0,0 +1,69 @@
+use std::fmt;
+
+#[derive(Clone)]
+pub enum Extension {
+	KeyUsage(Vec<KeyUsageOption>),
+	ExtKeyUsage(Vec<ExtKeyUsageOption>),
+}
+
+#[derive(Clone,Copy)]
+pub enum KeyUsageOption {
+    DigitalSignature,
+    NonRepudiation,
+    KeyEncipherment,
+    DataEncipherment,
+    KeyAgreement,
+    KeyCertSign,
+    CRLSign,
+    EncipherOnly,
+    DecipherOnly,
+}
+
+impl fmt::Display for KeyUsageOption {
+    fn fmt(&self, f: &mut fmt::Formatter) -> Result<(), fmt::Error> {
+        f.pad(match self {
+            &KeyUsageOption::DigitalSignature => "digitalSignature",
+            &KeyUsageOption::NonRepudiation => "nonRepudiation",
+            &KeyUsageOption::KeyEncipherment => "keyEncipherment",
+            &KeyUsageOption::DataEncipherment => "dataEncipherment",
+            &KeyUsageOption::KeyAgreement => "keyAgreement",
+            &KeyUsageOption::KeyCertSign => "keyCertSign",
+            &KeyUsageOption::CRLSign => "cRLSign",
+            &KeyUsageOption::EncipherOnly => "encipherOnly",
+            &KeyUsageOption::DecipherOnly => "decipherOnly",
+        })
+    }
+}
+
+#[derive(Clone,Copy)]
+pub enum ExtKeyUsageOption {
+    ServerAuth,
+    ClientAuth,
+    CodeSigning,
+    EmailProtection,
+    TimeStamping,
+    MsCodeInd,
+    MsCodeCom,
+    MsCtlSign,
+    MsSgc,
+    MsEfs,
+    NsSgc,
+}
+
+impl fmt::Display for ExtKeyUsageOption {
+    fn fmt(&self, f: &mut fmt::Formatter) -> Result<(), fmt::Error> {
+        f.pad(match self {
+            &ExtKeyUsageOption::ServerAuth => "serverAuth",
+            &ExtKeyUsageOption::ClientAuth => "clientAuth",
+            &ExtKeyUsageOption::CodeSigning => "codeSigning",
+            &ExtKeyUsageOption::EmailProtection => "emailProtection",
+            &ExtKeyUsageOption::TimeStamping => "timeStamping",
+            &ExtKeyUsageOption::MsCodeInd => "msCodeInd",
+            &ExtKeyUsageOption::MsCodeCom => "msCodeCom",
+            &ExtKeyUsageOption::MsCtlSign => "msCTLSign",
+            &ExtKeyUsageOption::MsSgc => "msSGC",
+            &ExtKeyUsageOption::MsEfs => "msEFS",
+            &ExtKeyUsageOption::NsSgc =>"nsSGC",
+        })
+    }
+}
diff --git a/openssl/src/x509/mod.rs b/openssl/src/x509/mod.rs
index 5446f125..6292579b 100644
--- a/openssl/src/x509/mod.rs
+++ b/openssl/src/x509/mod.rs
@@ -20,6 +20,7 @@ use ffi;
 use ssl::error::{SslError, StreamError};
 use nid;
 
+mod extension;
 
 #[cfg(test)]
 mod tests;
@@ -98,74 +99,9 @@ impl X509StoreContext {
     }
 }
 
-#[doc(hidden)]
-trait AsStr<'a> {
-    fn as_str(&self) -> &'a str;
-}
-
-#[derive(Clone, Copy)]
-pub enum KeyUsage {
-    DigitalSignature,
-    NonRepudiation,
-    KeyEncipherment,
-    DataEncipherment,
-    KeyAgreement,
-    KeyCertSign,
-    CRLSign,
-    EncipherOnly,
-    DecipherOnly
-}
-
-impl AsStr<'static> for KeyUsage {
-    fn as_str(&self) -> &'static str {
-        match self {
-            &KeyUsage::DigitalSignature => "digitalSignature",
-            &KeyUsage::NonRepudiation => "nonRepudiation",
-            &KeyUsage::KeyEncipherment => "keyEncipherment",
-            &KeyUsage::DataEncipherment => "dataEncipherment",
-            &KeyUsage::KeyAgreement => "keyAgreement",
-            &KeyUsage::KeyCertSign => "keyCertSign",
-            &KeyUsage::CRLSign => "cRLSign",
-            &KeyUsage::EncipherOnly => "encipherOnly",
-            &KeyUsage::DecipherOnly => "decipherOnly"
-        }
-    }
-}
-
-
-#[derive(Clone, Copy)]
-pub enum ExtKeyUsage {
-    ServerAuth,
-    ClientAuth,
-    CodeSigning,
-    EmailProtection,
-    TimeStamping,
-    MsCodeInd,
-    MsCodeCom,
-    MsCtlSign,
-    MsSgc,
-    MsEfs,
-    NsSgc
-}
-
-impl AsStr<'static> for ExtKeyUsage {
-    fn as_str(&self) -> &'static str {
-        match self {
-            &ExtKeyUsage::ServerAuth => "serverAuth",
-            &ExtKeyUsage::ClientAuth => "clientAuth",
-            &ExtKeyUsage::CodeSigning => "codeSigning",
-            &ExtKeyUsage::EmailProtection => "emailProtection",
-            &ExtKeyUsage::TimeStamping => "timeStamping",
-            &ExtKeyUsage::MsCodeInd => "msCodeInd",
-            &ExtKeyUsage::MsCodeCom => "msCodeCom",
-            &ExtKeyUsage::MsCtlSign => "msCTLSign",
-            &ExtKeyUsage::MsSgc => "msSGC",
-            &ExtKeyUsage::MsEfs => "msEFS",
-            &ExtKeyUsage::NsSgc =>"nsSGC"
-        }
-    }
-}
-
+// Backwards-compatibility
+pub use self::extension::KeyUsageOption as KeyUsage;
+pub use self::extension::ExtKeyUsageOption as ExtKeyUsage;
 
 // FIXME: a dirty hack as there is no way to
 // implement ToString for Vec as both are defined
@@ -175,11 +111,11 @@ trait ToStr {
     fn to_str(&self) -> String;
 }
 
-impl<'a, T: AsStr<'a>> ToStr for Vec<T> {
+impl<T: ToString> ToStr for Vec<T> {
     fn to_str(&self) -> String {
         self.iter().enumerate().fold(String::new(), |mut acc, (idx, v)| {
             if idx > 0 { acc.push(',') };
-            acc.push_str(v.as_str());
+            acc.push_str(&v.to_string());
             acc
         })
     }