X509Builder::append_extension2 -> X509Builder::append_extension

Rushil Mehra 2025-02-19 01:25:20 -08:00 committed by Alessandro Ghedini
parent 8abba360d3
commit 646ae33c61
4 changed files with 20 additions and 23 deletions


@ -43,18 +43,19 @@ fn mk_ca_cert() -> Result<(X509, PKey<Private>), ErrorStack> {
let not_after = Asn1Time::days_from_now(365)?; let not_after = Asn1Time::days_from_now(365)?;
cert_builder.set_not_after(&not_after)?; cert_builder.set_not_after(&not_after)?;
cert_builder.append_extension(BasicConstraints::new().critical().ca().build()?)?; cert_builder.append_extension(BasicConstraints::new().critical().ca().build()?.as_ref())?;
cert_builder.append_extension( cert_builder.append_extension(
KeyUsage::new() KeyUsage::new()
.critical() .critical()
.key_cert_sign() .key_cert_sign()
.crl_sign() .crl_sign()
.build()?, .build()?
.as_ref(),
)?; )?;
let subject_key_identifier = let subject_key_identifier =
SubjectKeyIdentifier::new().build(&cert_builder.x509v3_context(None, None))?; SubjectKeyIdentifier::new().build(&cert_builder.x509v3_context(None, None))?;
cert_builder.append_extension(subject_key_identifier)?; cert_builder.append_extension(&subject_key_identifier)?;
cert_builder.sign(&privkey, MessageDigest::sha256())?; cert_builder.sign(&privkey, MessageDigest::sha256())?;
let cert = cert_builder.build(); let cert = cert_builder.build();
@ -106,7 +107,7 @@ fn mk_ca_signed_cert(
let not_after = Asn1Time::days_from_now(365)?; let not_after = Asn1Time::days_from_now(365)?;
cert_builder.set_not_after(&not_after)?; cert_builder.set_not_after(&not_after)?;
cert_builder.append_extension(BasicConstraints::new().build()?)?; cert_builder.append_extension(BasicConstraints::new().build()?.as_ref())?;
cert_builder.append_extension( cert_builder.append_extension(
KeyUsage::new() KeyUsage::new()
@ -114,24 +115,25 @@ fn mk_ca_signed_cert(
.non_repudiation() .non_repudiation()
.digital_signature() .digital_signature()
.key_encipherment() .key_encipherment()
.build()?, .build()?
.as_ref(),
)?; )?;
let subject_key_identifier = let subject_key_identifier =
SubjectKeyIdentifier::new().build(&cert_builder.x509v3_context(Some(ca_cert), None))?; SubjectKeyIdentifier::new().build(&cert_builder.x509v3_context(Some(ca_cert), None))?;
cert_builder.append_extension(subject_key_identifier)?; cert_builder.append_extension(&subject_key_identifier)?;
let auth_key_identifier = AuthorityKeyIdentifier::new() let auth_key_identifier = AuthorityKeyIdentifier::new()
.keyid(false) .keyid(false)
.issuer(false) .issuer(false)
.build(&cert_builder.x509v3_context(Some(ca_cert), None))?; .build(&cert_builder.x509v3_context(Some(ca_cert), None))?;
cert_builder.append_extension(auth_key_identifier)?; cert_builder.append_extension(&auth_key_identifier)?;
let subject_alt_name = SubjectAlternativeName::new() let subject_alt_name = SubjectAlternativeName::new()
.dns("*.example.com") .dns("*.example.com")
.dns("hello.com") .dns("hello.com")
.build(&cert_builder.x509v3_context(Some(ca_cert), None))?; .build(&cert_builder.x509v3_context(Some(ca_cert), None))?;
cert_builder.append_extension(subject_alt_name)?; cert_builder.append_extension(&subject_alt_name)?;
cert_builder.sign(ca_privkey, MessageDigest::sha256())?; cert_builder.sign(ca_privkey, MessageDigest::sha256())?;
let cert = cert_builder.build(); let cert = cert_builder.build();
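Review bot: The updated call sites mix two spellings of the same borrow: `BasicConstraints::new().critical().ca().build()?.as_ref()` on a temporary at the first `append_extension` call, then `&subject_key_identifier` on a binding a few lines later; the same mix recurs in the `mk_ca_signed_cert` hunk and in the `x509_builder` test hunk (`basic_constraints.as_ref()` next to `&key_usage`). Since `&X509Extension` already coerces to `&X509ExtensionRef` (the diff relies on that for every named binding), binding the built extension first and passing `&` everywhere reads more uniformly, e.g. `let basic_constraints = BasicConstraints::new().critical().ca().build()?;` followed by `cert_builder.append_extension(&basic_constraints)?;`. Both `mk_ca_cert` and `mk_ca_signed_cert` begin before and end after their hunks.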


@ -260,7 +260,7 @@ mod test {
.unwrap(); .unwrap();
builder.set_subject_name(&name).unwrap(); builder.set_subject_name(&name).unwrap();
builder.set_issuer_name(&name).unwrap(); builder.set_issuer_name(&name).unwrap();
builder.append_extension(key_usage).unwrap(); builder.append_extension(&key_usage).unwrap();
builder.set_pubkey(&pkey).unwrap(); builder.set_pubkey(&pkey).unwrap();
builder.sign(&pkey, MessageDigest::sha256()).unwrap(); builder.sign(&pkey, MessageDigest::sha256()).unwrap();
let cert = builder.build(); let cert = builder.build();


@ -484,16 +484,9 @@ impl X509Builder {
} }
} }
/// Adds an X509 extension value to the certificate.
///
/// This works just as `append_extension` except it takes ownership of the `X509Extension`.
pub fn append_extension(&mut self, extension: X509Extension) -> Result<(), ErrorStack> {
self.append_extension2(&extension)
}
/// Adds an X509 extension value to the certificate. /// Adds an X509 extension value to the certificate.
#[corresponds(X509_add_ext)] #[corresponds(X509_add_ext)]
pub fn append_extension2(&mut self, extension: &X509ExtensionRef) -> Result<(), ErrorStack> { pub fn append_extension(&mut self, extension: &X509ExtensionRef) -> Result<(), ErrorStack> {
unsafe { unsafe {
cvt(ffi::X509_add_ext(self.0.as_ptr(), extension.as_ptr(), -1))?; cvt(ffi::X509_add_ext(self.0.as_ptr(), extension.as_ptr(), -1))?;
Ok(()) Ok(())
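Review bot: Removing the owning `append_extension(X509Extension)` and renaming `append_extension2` in the same step is a source-breaking change for every downstream caller that passes an extension by value or calls `append_extension2`, and the hunk leaves no transition path. A one-release forwarding shim would soften that, `#[deprecated(note = "use append_extension")] pub fn append_extension2(&mut self, extension: &X509ExtensionRef) -> Result<(), ErrorStack> { self.append_extension(extension) }`, or at minimum the break should be recorded in the changelog. The surviving doc comment could also say why a reference suffices: per the OpenSSL documentation `X509_add_ext` copies the extension into the certificate, so a line such as `/// The extension is copied into the certificate; the caller keeps ownership of the original.` would make the new signature self-explanatory. The `unsafe` body of the function continues past the hunk.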


@ -250,34 +250,36 @@ fn x509_builder() {
.unwrap(); .unwrap();
let basic_constraints = BasicConstraints::new().critical().ca().build().unwrap(); let basic_constraints = BasicConstraints::new().critical().ca().build().unwrap();
builder.append_extension(basic_constraints).unwrap(); builder
.append_extension(basic_constraints.as_ref())
.unwrap();
let key_usage = KeyUsage::new() let key_usage = KeyUsage::new()
.digital_signature() .digital_signature()
.key_encipherment() .key_encipherment()
.build() .build()
.unwrap(); .unwrap();
builder.append_extension(key_usage).unwrap(); builder.append_extension(&key_usage).unwrap();
let ext_key_usage = ExtendedKeyUsage::new() let ext_key_usage = ExtendedKeyUsage::new()
.client_auth() .client_auth()
.server_auth() .server_auth()
.other("2.999.1") .other("2.999.1")
.build() .build()
.unwrap(); .unwrap();
builder.append_extension(ext_key_usage).unwrap(); builder.append_extension(&ext_key_usage).unwrap();
let subject_key_identifier = SubjectKeyIdentifier::new() let subject_key_identifier = SubjectKeyIdentifier::new()
.build(&builder.x509v3_context(None, None)) .build(&builder.x509v3_context(None, None))
.unwrap(); .unwrap();
builder.append_extension(subject_key_identifier).unwrap(); builder.append_extension(&subject_key_identifier).unwrap();
let authority_key_identifier = AuthorityKeyIdentifier::new() let authority_key_identifier = AuthorityKeyIdentifier::new()
.keyid(true) .keyid(true)
.build(&builder.x509v3_context(None, None)) .build(&builder.x509v3_context(None, None))
.unwrap(); .unwrap();
builder.append_extension(authority_key_identifier).unwrap(); builder.append_extension(&authority_key_identifier).unwrap();
let subject_alternative_name = SubjectAlternativeName::new() let subject_alternative_name = SubjectAlternativeName::new()
.dns("example.com") .dns("example.com")
.build(&builder.x509v3_context(None, None)) .build(&builder.x509v3_context(None, None))
.unwrap(); .unwrap();
builder.append_extension(subject_alternative_name).unwrap(); builder.append_extension(&subject_alternative_name).unwrap();
builder.sign(&pkey, MessageDigest::sha256()).unwrap(); builder.sign(&pkey, MessageDigest::sha256()).unwrap();