Always provide an X509V3Context in X509Extension::new because OpenSSL requires it for some extensions (and segfaults without)
This commit is contained in:
Alex Gaynor
Anthony Ramine
parent
0f28001027
commit
c80e3a3ec5
|
|
@ -757,14 +757,30 @@ impl X509Extension {
|
|||
) -> Result<X509Extension, ErrorStack> {
|
||||
let name = CString::new(name).unwrap();
|
||||
let value = CString::new(value).unwrap();
|
||||
let mut ctx;
|
||||
unsafe {
|
||||
ffi::init();
|
||||
let conf = conf.map_or(ptr::null_mut(), ConfRef::as_ptr);
|
||||
let context = context.map_or(ptr::null_mut(), X509v3Context::as_ptr);
|
||||
let context_ptr = match context {
|
||||
Some(c) => c.as_ptr(),
|
||||
None => {
|
||||
ctx = mem::zeroed();
|
||||
|
||||
ffi::X509V3_set_ctx(
|
||||
&mut ctx,
|
||||
ptr::null_mut(),
|
||||
ptr::null_mut(),
|
||||
ptr::null_mut(),
|
||||
ptr::null_mut(),
|
||||
0,
|
||||
);
|
||||
&mut ctx
|
||||
}
|
||||
};
|
||||
let name = name.as_ptr() as *mut _;
|
||||
let value = value.as_ptr() as *mut _;
|
||||
|
||||
cvt_p(ffi::X509V3_EXT_nconf(conf, context, name, value))
|
||||
cvt_p(ffi::X509V3_EXT_nconf(conf, context_ptr, name, value))
|
||||
.map(|p| X509Extension::from_ptr(p))
|
||||
}
|
||||
}
|
||||
|
|
@ -783,14 +799,30 @@ impl X509Extension {
|
|||
value: &str,
|
||||
) -> Result<X509Extension, ErrorStack> {
|
||||
let value = CString::new(value).unwrap();
|
||||
let mut ctx;
|
||||
unsafe {
|
||||
ffi::init();
|
||||
let conf = conf.map_or(ptr::null_mut(), ConfRef::as_ptr);
|
||||
let context = context.map_or(ptr::null_mut(), X509v3Context::as_ptr);
|
||||
let context_ptr = match context {
|
||||
Some(c) => c.as_ptr(),
|
||||
None => {
|
||||
ctx = mem::zeroed();
|
||||
|
||||
ffi::X509V3_set_ctx(
|
||||
&mut ctx,
|
||||
ptr::null_mut(),
|
||||
ptr::null_mut(),
|
||||
ptr::null_mut(),
|
||||
ptr::null_mut(),
|
||||
0,
|
||||
);
|
||||
&mut ctx
|
||||
}
|
||||
};
|
||||
let name = name.as_raw();
|
||||
let value = value.as_ptr() as *mut _;
|
||||
|
||||
cvt_p(ffi::X509V3_EXT_nconf_nid(conf, context, name, value))
|
||||
cvt_p(ffi::X509V3_EXT_nconf_nid(conf, context_ptr, name, value))
|
||||
.map(|p| X509Extension::from_ptr(p))
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -12,7 +12,7 @@ use crate::x509::extension::{
|
|||
SubjectKeyIdentifier,
|
||||
};
|
||||
use crate::x509::store::X509StoreBuilder;
|
||||
use crate::x509::{X509Name, X509Req, X509StoreContext, X509VerifyResult, X509};
|
||||
use crate::x509::{X509Extension, X509Name, X509Req, X509StoreContext, X509VerifyResult, X509};
|
||||
|
||||
fn pkey() -> PKey<Private> {
|
||||
let rsa = Rsa::generate(2048).unwrap();
|
||||
|
|
@ -250,6 +250,14 @@ fn x509_builder() {
|
|||
assert_eq!(serial, x509.serial_number().to_bn().unwrap());
|
||||
}
|
||||
|
||||
#[test]
|
||||
fn x509_extension_new() {
|
||||
assert!(X509Extension::new(None, None, "crlDistributionPoints", "section").is_err());
|
||||
assert!(X509Extension::new(None, None, "proxyCertInfo", "").is_err());
|
||||
assert!(X509Extension::new(None, None, "certificatePolicies", "").is_err());
|
||||
assert!(X509Extension::new(None, None, "subjectAltName", "dirName:section").is_err());
|
||||
}
|
||||
|
||||
#[test]
|
||||
fn x509_extension_to_der() {
|
||||
let builder = X509::builder().unwrap();
|
||||
|
|
|
|||
Loading…
Reference in New Issue