| author | Steven Fackler <[email protected]> | 2016-08-07 20:38:46 -0700 |
|---|---|---|
| committer | Steven Fackler <[email protected]> | 2016-08-07 20:38:46 -0700 |
| commit | 7855f428aa48fcb6f4e8ad4c452783df88d20935 (patch) | |
| tree | 64226b41ede10d40b9f01f70db2d3a3b5785a9c2 /openssl/src/x509 | |
| parent | Fix RSA::verify (diff) | |
| download | rust-openssl-7855f428aa48fcb6f4e8ad4c452783df88d20935.tar.xz rust-openssl-7855f428aa48fcb6f4e8ad4c452783df88d20935.zip | |
PKey reform
This deletes the vast majority of PKey's API, since it was weirdly tied
to RSA and super broken.
Diffstat (limited to 'openssl/src/x509')
| -rw-r--r-- | openssl/src/x509/mod.rs | 26 | ||||
| -rw-r--r-- | openssl/src/x509/tests.rs | 2 |
2 files changed, 9 insertions, 19 deletions
diff --git a/openssl/src/x509/mod.rs b/openssl/src/x509/mod.rs index 22182d32..fb9d466d 100644 --- a/openssl/src/x509/mod.rs +++ b/openssl/src/x509/mod.rs @@ -14,7 +14,7 @@ use asn1::Asn1Time; use bio::{MemBio, MemBioSlice}; use crypto::hash; use crypto::hash::Type as HashType; -use crypto::pkey::{PKey, Parts}; +use crypto::pkey::PKey; use crypto::rand::rand_bytes; use ffi; use ffi_extras; @@ -106,11 +106,12 @@ impl X509StoreContext { } #[allow(non_snake_case)] +// FIXME /// Generator of private key/certificate pairs /// /// # Example /// -/// ``` +/// ```ignore /// use openssl::crypto::hash::Type; /// use openssl::x509::X509Generator; /// use openssl::x509::extension::{Extension, KeyUsageOption}; @@ -124,7 +125,7 @@ impl X509StoreContext { /// /// let (cert, pkey) = gen.generate().unwrap(); /// let cert_pem = cert.write_pem().unwrap(); -/// let pkey_pem = pkey.write_pem().unwrap(); +/// let pkey_pem = pkey.private_key_to_pem().unwrap(); /// ``` pub struct X509Generator { bits: u32, @@ -297,17 +298,6 @@ impl X509Generator { ((res as c_ulong) >> 1) as c_long } - /// Generates a private key and a self-signed certificate and returns them - pub fn generate(&self) -> Result<(X509, PKey), ErrorStack> { - ffi::init(); - - let mut p_key = PKey::new(); - p_key.gen(self.bits as usize); - - let x509 = try!(self.sign(&p_key)); - Ok((x509, p_key)) - } - /// Sets the certificate public-key, then self-sign and return it /// Note: That the bit-length of the private key is used (set_bitlength is ignored) pub fn sign(&self, p_key: &PKey) -> Result<X509, ErrorStack> { @@ -423,12 +413,10 @@ impl<'a> X509Ref<'a> { } } - pub fn public_key(&self) -> PKey { + pub fn public_key(&self) -> Result<PKey, ErrorStack> { unsafe { - let pkey = ffi::X509_get_pubkey(self.0); - assert!(!pkey.is_null()); - - PKey::from_handle(pkey, Parts::Public) + let pkey = try_ssl_null!(ffi::X509_get_pubkey(self.0)); + Ok(PKey::from_handle(pkey)) } } 
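Review bot: The `// FIXME` added above the `X509Generator` doc comment (hunk at -106,11) does not say what has to be fixed, and the example beneath it is switched to `ignore` while still calling `gen.generate()`, which this same commit removes from the impl. An ignored doctest is never compiled, so the published documentation will keep showing an API that no longer exists. I would spell the marker out, for example `// FIXME: doc example still calls the removed generate(); rewrite it around sign() and re-enable the doctest`, or rewrite the example in this commit. The struct definition continues outside the hunk.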
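Review bot: `public_key` is a public method whose return type becomes `Result<PKey, ErrorStack>` in the last hunk (-423,12), yet it has no doc comment and its `unsafe` block has no `// SAFETY:` line. Callers that handle certificates from untrusted peers need to know that a null result from `X509_get_pubkey` now surfaces as an `Err` instead of the old assert panic; a line such as `/// Returns the certificate's public key, or the OpenSSL error stack if it cannot be extracted.` would state that. Inside the block I would add `// SAFETY: self.0 is assumed to be a valid X509 pointer; the non-null EVP_PKEY is handed to PKey, which must own and free it`, after confirming that `PKey::from_handle` really takes ownership, since its definition is not part of this diff. The enclosing `impl<'a> X509Ref<'a>` starts and ends outside the hunk.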
diff --git a/openssl/src/x509/tests.rs b/openssl/src/x509/tests.rs index 167ca8cf..141e1fdb 100644 --- a/openssl/src/x509/tests.rs +++ b/openssl/src/x509/tests.rs @@ -24,6 +24,7 @@ fn get_generator() -> X509Generator { .add_extension(OtherStr("2.999.2".to_owned(), "ASN1:UTF8:example value".to_owned())) } +/* #[test] fn test_cert_gen() { let (cert, pkey) = get_generator().generate().unwrap(); @@ -72,6 +73,7 @@ fn test_req_gen() { // FIXME: check data in result to be correct, needs implementation // of X509_REQ getters } +*/ #[test] fn test_cert_loading() { |
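Review bot: Wrapping `test_cert_gen` through `test_req_gen` in a block comment (the `+/*` in the first hunk and the `+*/` in the second) removes the tests visible here that exercise certificate generation and signing, and nothing in the test output records that the coverage is gone. Commented-out tests are not compiled, so they will drift from the API without any signal. Prefer porting them to the surviving `sign(&PKey)` path with a key supplied by the test; if that has to wait, at least put `// FIXME: disabled because X509Generator::generate() was removed; port to sign() with a caller-supplied PKey` above the `/*`. Both test bodies extend outside the hunks.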