From 11bcac01ecd1b7ba8d758b814ff65dc1dc3ac7e6 Mon Sep 17 00:00:00 2001
From: Jethro Beekman
Date: Sun, 14 Jun 2015 17:25:05 -0700
Subject: [PATCH 1/4] Replace CN field by names vector

---
 openssl/src/x509/mod.rs | 22 ++++++++++++++++++----
 1 file changed, 18 insertions(+), 4 deletions(-)

diff --git a/openssl/src/x509/mod.rs b/openssl/src/x509/mod.rs
index 423a258f..b8114384 100644
--- a/openssl/src/x509/mod.rs
+++ b/openssl/src/x509/mod.rs
@@ -145,7 +145,7 @@ pub use self::extension::ExtKeyUsageOption as ExtKeyUsage;
 pub struct X509Generator {
 bits: u32,
 days: u32,
- CN: String,
+ names: Vec<(String,String)>,
 // RFC 3280 ยง4.2: A certificate MUST NOT include more than one instance of a particular extension.
 extensions: HashMap,
 hash_type: HashType,
@@ -165,7 +165,7 @@ impl X509Generator {
 X509Generator {
 bits: 1024,
 days: 365,
- CN: "rust-openssl".to_string(),
+ names: vec![],
 extensions: HashMap::new(),
 hash_type: HashType::SHA1
 }
@@ -186,7 +186,13 @@ impl X509Generator {
 #[allow(non_snake_case)]
 /// Sets Common Name of certificate
 pub fn set_CN(mut self, CN: &str) -> X509Generator {
- self.CN = CN.to_string();
+ match self.names.get_mut(0) {
+ Some(&mut(_,ref mut val)) => *val=CN.to_string(),
+ _ => {} /* would move push here, but borrow checker won't let me */
+ }
+ if self.names.len()==0 {
+ self.names.push(("CN".to_string(),CN.to_string()));
+ }
 self
 }
 
@@ -333,7 +339,15 @@ impl X509Generator {
 
 let name = ffi::X509_get_subject_name(x509.handle);
 try_ssl_null!(name);
- try!(X509Generator::add_name(name, "CN", &self.CN));
+ let default=[("CN","rust-openssl")];
+ let default_iter=&mut default.iter().map(|&(k,v)|(k,v));
+ let arg_iter=&mut self.names.iter().map(|&(ref k,ref v)|(&k[..],&v[..]));
+ let iter: &mut Iterator =
+ if self.names.len()==0 { default_iter } else { arg_iter };
+
+ for (key,val) in iter {
+ try!(X509Generator::add_name(name, &key, &val));
+ }
 ffi::X509_set_issuer_name(x509.handle, name);
 
 for (exttype,ext) in self.extensions.iter() {
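Review bot: In the `set_CN` hunk the new `match self.names.get_mut(0)` arm overwrites the value of whichever entry is first without checking that its key is "CN", and the following `if self.names.len()==0` only pushes when the list is empty. Within this patch `names` is only filled by `set_CN` itself, but once PATCH 2/4 exposes `add_name`, a generator whose first attribute is not CN would get the common-name text written under that other attribute type and end up with no CN in the subject; the doc warning added there does not prevent it. Looking the entry up by key and binding the index first removes both the mis-assignment and the borrow-checker workaround noted in the comment.
```rust
pub fn set_CN(mut self, CN: &str) -> X509Generator {
    // Look the entry up by key; binding the index first ends the borrow before the push.
    let cn_idx = self.names.iter().position(|&(ref key, _)| &key[..] == "CN");
    match cn_idx {
        Some(idx) => self.names[idx].1 = CN.to_string(),
        None => self.names.push(("CN".to_string(), CN.to_string())),
    }
    self
}
```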
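Review bot: The fallback in the last hunk issues the certificate with subject `CN=rust-openssl` whenever `names` is empty, and nothing in the visible docs tells a caller that an unnamed generator still yields a named certificate. A comment above `let default=[("CN","rust-openssl")];` such as `// No subject attributes supplied: keep the historical default CN so existing callers are unaffected` would record the intent, and the same sentence belongs in the generator's public documentation. As a style point, `key` and `val` are already `&str`, so `add_name(name, key, val)` reads more directly than passing `&key, &val`. The enclosing function starts and ends outside the hunk.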
From f2b0da1de79b0980b851f704d0eb28baaf985fc2 Mon Sep 17 00:00:00 2001
From: Jethro Beekman
Date: Sun, 14 Jun 2015 17:25:35 -0700
Subject: [PATCH 2/4] Add public add_name method to X509Generator

---
 openssl/src/x509/mod.rs | 19 ++++++++++++++++---
 1 file changed, 16 insertions(+), 3 deletions(-)

diff --git a/openssl/src/x509/mod.rs b/openssl/src/x509/mod.rs
index b8114384..f624d7ab 100644
--- a/openssl/src/x509/mod.rs
+++ b/openssl/src/x509/mod.rs
@@ -184,7 +184,10 @@ impl X509Generator {
 }
 
 #[allow(non_snake_case)]
- /// Sets Common Name of certificate
+ /// (deprecated) Sets Common Name of certificate
+ ///
+ /// This function is deprecated, use `X509Generator.add_name` instead.
+ /// Don't use this function AND the `add_name` method
 pub fn set_CN(mut self, CN: &str) -> X509Generator {
 match self.names.get_mut(0) {
 Some(&mut(_,ref mut val)) => *val=CN.to_string(),
@@ -196,6 +199,16 @@ impl X509Generator {
 self
 }
 
+ /// Add attribute to the name of the certificate
+ ///
+ /// ```ignore
+ /// generator.add_name("CN".to_string(),"example.com".to_string())
+ /// ```
+ pub fn add_name(mut self, attr_type: String, attr_value: String) -> X509Generator {
+ self.names.push((attr_type,attr_value));
+ self
+ }
+
 /// (deprecated) Sets what for certificate could be used
 ///
 /// This function is deprecated, use `X509Generator.add_extension` instead.
@@ -273,7 +286,7 @@ impl X509Generator {
 }
 }
 
- fn add_name(name: *mut ffi::X509_NAME, key: &str, value: &str) -> Result<(), SslError> {
+ fn add_name_internal(name: *mut ffi::X509_NAME, key: &str, value: &str) -> Result<(), SslError> {
 let value_len = value.len() as c_int;
 lift_ssl!(unsafe {
 let key = CString::new(key.as_bytes()).unwrap();
@@ -346,7 +359,7 @@ impl X509Generator {
 if self.names.len()==0 { default_iter } else { arg_iter };
 
 for (key,val) in iter {
- try!(X509Generator::add_name(name, &key, &val));
+ try!(X509Generator::add_name_internal(name, &key, &val));
 }
 ffi::X509_set_issuer_name(x509.handle, name);
 
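Review bot: The new public `add_name` stores `attr_type` unchecked, and that key later reaches `CString::new(key.as_bytes()).unwrap()` in `add_name_internal` (context of the third hunk), so an attribute type containing a NUL byte panics during generation instead of coming back as an `SslError`. Before this patch the key was always the literal "CN"; now that callers choose it, the `CString::new` failure should be propagated as an `Err`, or rejected up front in `add_name`, so the failure stays recoverable. `let value_len = value.len() as c_int;` in the same function is a silent truncating cast and would be better as a checked conversion. `add_name_internal` continues outside the hunk, and `add_names` in PATCH 3/4 feeds the same path.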
From 1bcbe8f4bc3f06f3e4ac08d060b27c81e42ad68b Mon Sep 17 00:00:00 2001
From: Jethro Beekman
Date: Tue, 30 Jun 2015 15:40:36 -0700
Subject: [PATCH 3/4] Add X509generator.add_names method

---
 openssl/src/x509/mod.rs | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/openssl/src/x509/mod.rs b/openssl/src/x509/mod.rs
index f624d7ab..717afa65 100644
--- a/openssl/src/x509/mod.rs
+++ b/openssl/src/x509/mod.rs
@@ -209,6 +209,17 @@ impl X509Generator {
 self
 }
 
+ /// Add multiple attributes to the name of the certificate
+ ///
+ /// ```ignore
+ /// generator.add_names(vec![("CN".to_string(),"example.com".to_string())]);
+ /// ```
+ pub fn add_names(mut self, attrs: I) -> X509Generator
+ where I: IntoIterator {
+ self.names.extend(attrs);
+ self
+ }
+
 /// (deprecated) Sets what for certificate could be used
 ///
 /// This function is deprecated, use `X509Generator.add_extension` instead.
From e3c562d6a04649e97863224a7c32d1130650c755 Mon Sep 17 00:00:00 2001
From: Jethro Beekman
Date: Tue, 30 Jun 2015 15:41:20 -0700
Subject: [PATCH 4/4] Fix/add more X509generator tests

---
 openssl/src/x509/mod.rs | 8 +++++---
 openssl/src/x509/tests.rs | 2 +-
 2 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/openssl/src/x509/mod.rs b/openssl/src/x509/mod.rs
index 717afa65..67258da5 100644
--- a/openssl/src/x509/mod.rs
+++ b/openssl/src/x509/mod.rs
@@ -201,8 +201,9 @@ impl X509Generator {
 
 /// Add attribute to the name of the certificate
 ///
- /// ```ignore
- /// generator.add_name("CN".to_string(),"example.com".to_string())
+ /// ```
+ /// # let generator = openssl::x509::X509Generator::new();
+ /// generator.add_name("CN".to_string(),"example.com".to_string());
 /// ```
 pub fn add_name(mut self, attr_type: String, attr_value: String) -> X509Generator {
 self.names.push((attr_type,attr_value));
@@ -211,7 +212,8 @@ impl X509Generator {
 
 /// Add multiple attributes to the name of the certificate
 ///
- /// ```ignore
+ /// ```
+ /// # let generator = openssl::x509::X509Generator::new();
 /// generator.add_names(vec![("CN".to_string(),"example.com".to_string())]);
 /// ```
 pub fn add_names(mut self, attrs: I) -> X509Generator
diff --git a/openssl/src/x509/tests.rs b/openssl/src/x509/tests.rs
index 8417ee5c..0aed364b 100644
--- a/openssl/src/x509/tests.rs
+++ b/openssl/src/x509/tests.rs
@@ -16,7 +16,7 @@ fn test_cert_gen() {
 let gen = X509Generator::new()
 .set_bitlength(2048)
 .set_valid_period(365*2)
- .set_CN("test_me")
+ .add_name("CN".to_string(),"test_me".to_string())
 .set_sign_hash(SHA256)
 .add_extension(KeyUsage(vec![DigitalSignature, KeyEncipherment]))
 .add_extension(ExtKeyUsage(vec![ClientAuth, ServerAuth, ExtKeyUsageOption::Other("2.999.1".to_owned())]))
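Review bot: Swapping `.set_CN("test_me")` for `.add_name(...)` in `test_cert_gen` removes the only call to the still-public, deprecated `set_CN` that is visible in this test; whether another test covers it cannot be seen from here. Two small cases would pin its behaviour down: `set_CN` on a fresh generator, and `set_CN` after `add_name` with a non-CN attribute, which is the combination the deprecation note warns against. Neither the empty-`names` fallback to `CN=rust-openssl` nor `add_names` is exercised by the visible test either. `test_cert_gen` continues outside the hunk.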