X509Builder::append_extension2 -> X509Builder::append_extension
parent
8abba360d3
commit
646ae33c61
|
|
@ -43,18 +43,19 @@ fn mk_ca_cert() -> Result<(X509, PKey<Private>), ErrorStack> {
|
|||
let not_after = Asn1Time::days_from_now(365)?;
|
||||
cert_builder.set_not_after(¬_after)?;
|
||||
|
||||
cert_builder.append_extension(BasicConstraints::new().critical().ca().build()?)?;
|
||||
cert_builder.append_extension(BasicConstraints::new().critical().ca().build()?.as_ref())?;
|
||||
cert_builder.append_extension(
|
||||
KeyUsage::new()
|
||||
.critical()
|
||||
.key_cert_sign()
|
||||
.crl_sign()
|
||||
.build()?,
|
||||
.build()?
|
||||
.as_ref(),
|
||||
)?;
|
||||
|
||||
let subject_key_identifier =
|
||||
SubjectKeyIdentifier::new().build(&cert_builder.x509v3_context(None, None))?;
|
||||
cert_builder.append_extension(subject_key_identifier)?;
|
||||
cert_builder.append_extension(&subject_key_identifier)?;
|
||||
|
||||
cert_builder.sign(&privkey, MessageDigest::sha256())?;
|
||||
let cert = cert_builder.build();
|
||||
|
|
@ -106,7 +107,7 @@ fn mk_ca_signed_cert(
|
|||
let not_after = Asn1Time::days_from_now(365)?;
|
||||
cert_builder.set_not_after(¬_after)?;
|
||||
|
||||
cert_builder.append_extension(BasicConstraints::new().build()?)?;
|
||||
cert_builder.append_extension(BasicConstraints::new().build()?.as_ref())?;
|
||||
|
||||
cert_builder.append_extension(
|
||||
KeyUsage::new()
|
||||
|
|
@ -114,24 +115,25 @@ fn mk_ca_signed_cert(
|
|||
.non_repudiation()
|
||||
.digital_signature()
|
||||
.key_encipherment()
|
||||
.build()?,
|
||||
.build()?
|
||||
.as_ref(),
|
||||
)?;
|
||||
|
||||
let subject_key_identifier =
|
||||
SubjectKeyIdentifier::new().build(&cert_builder.x509v3_context(Some(ca_cert), None))?;
|
||||
cert_builder.append_extension(subject_key_identifier)?;
|
||||
cert_builder.append_extension(&subject_key_identifier)?;
|
||||
|
||||
let auth_key_identifier = AuthorityKeyIdentifier::new()
|
||||
.keyid(false)
|
||||
.issuer(false)
|
||||
.build(&cert_builder.x509v3_context(Some(ca_cert), None))?;
|
||||
cert_builder.append_extension(auth_key_identifier)?;
|
||||
cert_builder.append_extension(&auth_key_identifier)?;
|
||||
|
||||
let subject_alt_name = SubjectAlternativeName::new()
|
||||
.dns("*.example.com")
|
||||
.dns("hello.com")
|
||||
.build(&cert_builder.x509v3_context(Some(ca_cert), None))?;
|
||||
cert_builder.append_extension(subject_alt_name)?;
|
||||
cert_builder.append_extension(&subject_alt_name)?;
|
||||
|
||||
cert_builder.sign(ca_privkey, MessageDigest::sha256())?;
|
||||
let cert = cert_builder.build();
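Review bot: The new call sites borrow the extension in two different ways: the `BasicConstraints` and `KeyUsage` arguments in `mk_ca_cert` and `mk_ca_signed_cert` use `.build()?.as_ref()`, while the key-identifier and alt-name calls just below use `&subject_key_identifier`. Since the `&` form is accepted for the named values, the temporaries can presumably be passed the same way, e.g. `cert_builder.append_extension(&BasicConstraints::new().build()?)?;`, which would also let the `KeyUsage` chain keep its original shape. The same mix appears in the `x509_builder` test (`basic_constraints.as_ref()` next to `&key_usage`). Both functions start and end outside the hunks shown.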
|
||||
|
|
|
|||
|
|
@ -260,7 +260,7 @@ mod test {
|
|||
.unwrap();
|
||||
builder.set_subject_name(&name).unwrap();
|
||||
builder.set_issuer_name(&name).unwrap();
|
||||
builder.append_extension(key_usage).unwrap();
|
||||
builder.append_extension(&key_usage).unwrap();
|
||||
builder.set_pubkey(&pkey).unwrap();
|
||||
builder.sign(&pkey, MessageDigest::sha256()).unwrap();
|
||||
let cert = builder.build();
|
||||
|
|
|
|||
|
|
@ -484,16 +484,9 @@ impl X509Builder {
|
|||
}
|
||||
}
|
||||
|
||||
/// Adds an X509 extension value to the certificate.
|
||||
///
|
||||
/// This works just as `append_extension` except it takes ownership of the `X509Extension`.
|
||||
pub fn append_extension(&mut self, extension: X509Extension) -> Result<(), ErrorStack> {
|
||||
self.append_extension2(&extension)
|
||||
}
|
||||
|
||||
/// Adds an X509 extension value to the certificate.
|
||||
#[corresponds(X509_add_ext)]
|
||||
pub fn append_extension2(&mut self, extension: &X509ExtensionRef) -> Result<(), ErrorStack> {
|
||||
pub fn append_extension(&mut self, extension: &X509ExtensionRef) -> Result<(), ErrorStack> {
|
||||
unsafe {
|
||||
cvt(ffi::X509_add_ext(self.0.as_ptr(), extension.as_ptr(), -1))?;
|
||||
Ok(())
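Review bot: The surviving doc comment on `append_extension` no longer says anything about ownership or duplicates, and the `unsafe` block has no `// SAFETY:` line. The removed owning variant passed a borrow and then dropped its argument, so the certificate evidently keeps its own copy; I would state that, and also that nothing in the visible body rejects a second extension of the same type, which RFC 5280 section 4.2 does not allow in a certificate. Suggested wording: `/// The extension is borrowed and copied into the certificate; no check is made for an existing extension with the same OID.` and, above the call, `// SAFETY: both pointers come from live wrappers borrowed for the duration of the call.` The function's closing braces fall outside this hunk.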
|
||||
|
|
|
|||
|
|
@ -250,34 +250,36 @@ fn x509_builder() {
|
|||
.unwrap();
|
||||
|
||||
let basic_constraints = BasicConstraints::new().critical().ca().build().unwrap();
|
||||
builder.append_extension(basic_constraints).unwrap();
|
||||
builder
|
||||
.append_extension(basic_constraints.as_ref())
|
||||
.unwrap();
|
||||
let key_usage = KeyUsage::new()
|
||||
.digital_signature()
|
||||
.key_encipherment()
|
||||
.build()
|
||||
.unwrap();
|
||||
builder.append_extension(key_usage).unwrap();
|
||||
builder.append_extension(&key_usage).unwrap();
|
||||
let ext_key_usage = ExtendedKeyUsage::new()
|
||||
.client_auth()
|
||||
.server_auth()
|
||||
.other("2.999.1")
|
||||
.build()
|
||||
.unwrap();
|
||||
builder.append_extension(ext_key_usage).unwrap();
|
||||
builder.append_extension(&ext_key_usage).unwrap();
|
||||
let subject_key_identifier = SubjectKeyIdentifier::new()
|
||||
.build(&builder.x509v3_context(None, None))
|
||||
.unwrap();
|
||||
builder.append_extension(subject_key_identifier).unwrap();
|
||||
builder.append_extension(&subject_key_identifier).unwrap();
|
||||
let authority_key_identifier = AuthorityKeyIdentifier::new()
|
||||
.keyid(true)
|
||||
.build(&builder.x509v3_context(None, None))
|
||||
.unwrap();
|
||||
builder.append_extension(authority_key_identifier).unwrap();
|
||||
builder.append_extension(&authority_key_identifier).unwrap();
|
||||
let subject_alternative_name = SubjectAlternativeName::new()
|
||||
.dns("example.com")
|
||||
.build(&builder.x509v3_context(None, None))
|
||||
.unwrap();
|
||||
builder.append_extension(subject_alternative_name).unwrap();
|
||||
builder.append_extension(&subject_alternative_name).unwrap();
|
||||
|
||||
builder.sign(&pkey, MessageDigest::sha256()).unwrap();
|
||||
|
||||
|
|
|
|||