diff --git a/boring/examples/mk_certs.rs b/boring/examples/mk_certs.rs index 1fc4993d..6b4c6e01 100644 --- a/boring/examples/mk_certs.rs +++ b/boring/examples/mk_certs.rs @@ -43,18 +43,19 @@ fn mk_ca_cert() -> Result<(X509, PKey), ErrorStack> { let not_after = Asn1Time::days_from_now(365)?; cert_builder.set_not_after(¬_after)?; - cert_builder.append_extension(BasicConstraints::new().critical().ca().build()?)?; + cert_builder.append_extension(BasicConstraints::new().critical().ca().build()?.as_ref())?; cert_builder.append_extension( KeyUsage::new() .critical() .key_cert_sign() .crl_sign() - .build()?, + .build()? + .as_ref(), )?; let subject_key_identifier = SubjectKeyIdentifier::new().build(&cert_builder.x509v3_context(None, None))?; - cert_builder.append_extension(subject_key_identifier)?; + cert_builder.append_extension(&subject_key_identifier)?; cert_builder.sign(&privkey, MessageDigest::sha256())?; let cert = cert_builder.build(); @@ -106,7 +107,7 @@ fn mk_ca_signed_cert( let not_after = Asn1Time::days_from_now(365)?; cert_builder.set_not_after(¬_after)?; - cert_builder.append_extension(BasicConstraints::new().build()?)?; + cert_builder.append_extension(BasicConstraints::new().build()?.as_ref())?; cert_builder.append_extension( KeyUsage::new() 
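Review bot: The updated call sites in `mk_ca_cert` borrow the extension in two different ways: the `BasicConstraints` and `KeyUsage` calls chain `.as_ref()` onto the temporary, while the `SubjectKeyIdentifier` call passes `&subject_key_identifier`. Since `&subject_key_identifier` is accepted where `&X509ExtensionRef` is expected, a leading `&` should presumably work for the temporaries too, e.g. `cert_builder.append_extension(&BasicConstraints::new().critical().ca().build()?)?;`. That form would also leave the `KeyUsage` chain ending in `.build()?,` instead of adding a line. The same mix appears in the two `mk_ca_signed_cert` hunks and in the `x509_builder` test hunk (`basic_constraints.as_ref()` next to `&key_usage`).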
@@ -114,24 +115,25 @@ fn mk_ca_signed_cert( .non_repudiation() .digital_signature() .key_encipherment() - .build()?, + .build()? + .as_ref(), )?; let subject_key_identifier = SubjectKeyIdentifier::new().build(&cert_builder.x509v3_context(Some(ca_cert), None))?; - cert_builder.append_extension(subject_key_identifier)?; + cert_builder.append_extension(&subject_key_identifier)?; let auth_key_identifier = AuthorityKeyIdentifier::new() .keyid(false) .issuer(false) .build(&cert_builder.x509v3_context(Some(ca_cert), None))?; - cert_builder.append_extension(auth_key_identifier)?; + cert_builder.append_extension(&auth_key_identifier)?; let subject_alt_name = SubjectAlternativeName::new() .dns("*.example.com") .dns("hello.com") .build(&cert_builder.x509v3_context(Some(ca_cert), None))?; - cert_builder.append_extension(subject_alt_name)?; + cert_builder.append_extension(&subject_alt_name)?; cert_builder.sign(ca_privkey, MessageDigest::sha256())?; let cert = cert_builder.build(); diff --git a/boring/src/pkcs12.rs b/boring/src/pkcs12.rs index dd255e3a..e8fb7c12 100644 --- a/boring/src/pkcs12.rs +++ b/boring/src/pkcs12.rs @@ -260,7 +260,7 @@ mod test { .unwrap(); builder.set_subject_name(&name).unwrap(); builder.set_issuer_name(&name).unwrap(); - builder.append_extension(key_usage).unwrap(); + builder.append_extension(&key_usage).unwrap(); builder.set_pubkey(&pkey).unwrap(); builder.sign(&pkey, MessageDigest::sha256()).unwrap(); let cert = builder.build(); diff --git a/boring/src/x509/mod.rs b/boring/src/x509/mod.rs index 17115d68..cd5d428e 100644 --- a/boring/src/x509/mod.rs +++ b/boring/src/x509/mod.rs 
@@ -484,16 +484,9 @@ impl X509Builder { } } - /// Adds an X509 extension value to the certificate. - /// - /// This works just as `append_extension` except it takes ownership of the `X509Extension`. - pub fn append_extension(&mut self, extension: X509Extension) -> Result<(), ErrorStack> { - self.append_extension2(&extension) - } - /// Adds an X509 extension value to the certificate. #[corresponds(X509_add_ext)] - pub fn append_extension2(&mut self, extension: &X509ExtensionRef) -> Result<(), ErrorStack> { + pub fn append_extension(&mut self, extension: &X509ExtensionRef) -> Result<(), ErrorStack> { unsafe { cvt(ffi::X509_add_ext(self.0.as_ptr(), extension.as_ptr(), -1))?; Ok(()) diff --git a/boring/src/x509/tests/mod.rs b/boring/src/x509/tests/mod.rs index 0ab054ab..371cd9b6 100644 --- a/boring/src/x509/tests/mod.rs +++ b/boring/src/x509/tests/mod.rs 
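Review bot: The `unsafe` block in the renamed `append_extension` has no `// SAFETY:` comment, and now that the only entry point takes a borrow, the reason a borrow is sufficient should be written down. Something like `// SAFETY: both pointers are valid for the call; X509_add_ext is expected to store its own copy of the extension` would do, once the copy behaviour is confirmed against the BoringSSL source. The doc comment could also say that `-1` appends at the end of the extension list and, if it holds for this binding, that nothing checks for an existing extension of the same type, since verifiers commonly reject certificates that repeat an extension. Dropping `append_extension2` and changing the parameter type of `append_extension` breaks existing callers of both names; a `#[deprecated]` `append_extension2` forwarding to the new method would soften that if a compatibility window is wanted. The function body continues past the end of the hunk.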
@@ -250,34 +250,36 @@ fn x509_builder() { .unwrap(); let basic_constraints = BasicConstraints::new().critical().ca().build().unwrap(); - builder.append_extension(basic_constraints).unwrap(); + builder + .append_extension(basic_constraints.as_ref()) + .unwrap(); let key_usage = KeyUsage::new() .digital_signature() .key_encipherment() .build() .unwrap(); - builder.append_extension(key_usage).unwrap(); + builder.append_extension(&key_usage).unwrap(); let ext_key_usage = ExtendedKeyUsage::new() .client_auth() .server_auth() .other("2.999.1") .build() .unwrap(); - builder.append_extension(ext_key_usage).unwrap(); + builder.append_extension(&ext_key_usage).unwrap(); let subject_key_identifier = SubjectKeyIdentifier::new() .build(&builder.x509v3_context(None, None)) .unwrap(); - builder.append_extension(subject_key_identifier).unwrap(); + builder.append_extension(&subject_key_identifier).unwrap(); let authority_key_identifier = AuthorityKeyIdentifier::new() .keyid(true) .build(&builder.x509v3_context(None, None)) .unwrap(); - builder.append_extension(authority_key_identifier).unwrap(); + builder.append_extension(&authority_key_identifier).unwrap(); let subject_alternative_name = SubjectAlternativeName::new() .dns("example.com") .build(&builder.x509v3_context(None, None)) .unwrap(); - builder.append_extension(subject_alternative_name).unwrap(); + builder.append_extension(&subject_alternative_name).unwrap(); builder.sign(&pkey, MessageDigest::sha256()).unwrap();