diff --git a/openssl/src/x509/mod.rs b/openssl/src/x509/mod.rs index 423a258f..67258da5 100644 --- a/openssl/src/x509/mod.rs +++ b/openssl/src/x509/mod.rs @@ -145,7 +145,7 @@ pub use self::extension::ExtKeyUsageOption as ExtKeyUsage; pub struct X509Generator { bits: u32, days: u32, - CN: String, + names: Vec<(String,String)>, // RFC 3280 ยง4.2: A certificate MUST NOT include more than one instance of a particular extension. extensions: HashMap, hash_type: HashType, @@ -165,7 +165,7 @@ impl X509Generator { X509Generator { bits: 1024, days: 365, - CN: "rust-openssl".to_string(), + names: vec![], extensions: HashMap::new(), hash_type: HashType::SHA1 } @@ -184,9 +184,41 @@ impl X509Generator { } #[allow(non_snake_case)] - /// Sets Common Name of certificate + /// (deprecated) Sets Common Name of certificate + /// + /// This function is deprecated, use `X509Generator.add_name` instead. + /// Don't use this function AND the `add_name` method pub fn set_CN(mut self, CN: &str) -> X509Generator { - self.CN = CN.to_string(); + match self.names.get_mut(0) { + Some(&mut(_,ref mut val)) => *val=CN.to_string(), + _ => {} /* would move push here, but borrow checker won't let me */ + } + if self.names.len()==0 { + self.names.push(("CN".to_string(),CN.to_string())); + } + self + } + + /// Add attribute to the name of the certificate + /// + /// ``` + /// # let generator = openssl::x509::X509Generator::new(); + /// generator.add_name("CN".to_string(),"example.com".to_string()); + /// ``` + pub fn add_name(mut self, attr_type: String, attr_value: String) -> X509Generator { + self.names.push((attr_type,attr_value)); + self + } + + /// Add multiple attributes to the name of the certificate + /// + /// ``` + /// # let generator = openssl::x509::X509Generator::new(); + /// generator.add_names(vec![("CN".to_string(),"example.com".to_string())]); + /// ``` + pub fn add_names(mut self, attrs: I) -> X509Generator + where I: IntoIterator { + self.names.extend(attrs); self } @@ -267,7 +299,7 @@ impl X509Generator { } } - fn add_name(name: *mut ffi::X509_NAME, key: &str, value: &str) -> Result<(), SslError> { + fn add_name_internal(name: *mut ffi::X509_NAME, key: &str, value: &str) -> Result<(), SslError> { let value_len = value.len() as c_int; lift_ssl!(unsafe { let key = CString::new(key.as_bytes()).unwrap(); @@ -333,7 +365,15 @@ impl X509Generator { let name = ffi::X509_get_subject_name(x509.handle); try_ssl_null!(name); - try!(X509Generator::add_name(name, "CN", &self.CN)); + let default=[("CN","rust-openssl")]; + let default_iter=&mut default.iter().map(|&(k,v)|(k,v)); + let arg_iter=&mut self.names.iter().map(|&(ref k,ref v)|(&k[..],&v[..])); + let iter: &mut Iterator = + if self.names.len()==0 { default_iter } else { arg_iter }; + + for (key,val) in iter { + try!(X509Generator::add_name_internal(name, &key, &val)); + } ffi::X509_set_issuer_name(x509.handle, name); for (exttype,ext) in self.extensions.iter() { diff --git a/openssl/src/x509/tests.rs b/openssl/src/x509/tests.rs index 8417ee5c..0aed364b 100644 --- a/openssl/src/x509/tests.rs +++ b/openssl/src/x509/tests.rs @@ -16,7 +16,7 @@ fn test_cert_gen() { let gen = X509Generator::new() .set_bitlength(2048) .set_valid_period(365*2) - .set_CN("test_me") + .add_name("CN".to_string(),"test_me".to_string()) .set_sign_hash(SHA256) .add_extension(KeyUsage(vec![DigitalSignature, KeyEncipherment])) .add_extension(ExtKeyUsage(vec![ClientAuth, ServerAuth, ExtKeyUsageOption::Other("2.999.1".to_owned())]))