| author | Steven Fackler <[email protected]> | 2017-12-25 22:02:41 -0700 |
|---|---|---|
| committer | Steven Fackler <[email protected]> | 2017-12-25 22:09:27 -0700 |
| commit | 2adf2cf12bf1afb806ec8bfb222d32831137d749 (patch) | |
| tree | 7af6a6aeecd9113d7b22028a13eed5df11fa3127 /openssl/src/x509 | |
| parent | Merge pull request #797 from sfackler/fixmes (diff) | |
Remove deprecated APIs
Diffstat (limited to 'openssl/src/x509')
| -rw-r--r-- | openssl/src/x509/extension.rs | 232 | ||||
| -rw-r--r-- | openssl/src/x509/mod.rs | 278 | ||||
| -rw-r--r-- | openssl/src/x509/tests.rs | 127 |
3 files changed, 5 insertions, 632 deletions
diff --git a/openssl/src/x509/extension.rs b/openssl/src/x509/extension.rs
index a0b07c85..5c276b4a 100644
--- a/openssl/src/x509/extension.rs
+++ b/openssl/src/x509/extension.rs
@@ -1,239 +1,9 @@ -use std::fmt::{self, Write}; +use std::fmt::Write; use error::ErrorStack; use nid::Nid; use x509::{X509Extension, X509v3Context}; -/// Type-only version of the `Extension` enum. -/// -/// See the `Extension` documentation for more information on the different -/// variants. -#[derive(Clone, Hash, PartialEq, Eq)] -#[deprecated(since = "0.9.7", note = "use X509Builder and X509ReqBuilder instead")] -pub enum ExtensionType { - KeyUsage, - ExtKeyUsage, - SubjectAltName, - IssuerAltName, - OtherNid(Nid), - OtherStr(String), -} - -/// A X.509 v3 certificate extension. -/// -/// Only one extension of each type is allow in a certificate. -/// See RFC 3280 for more information about extensions. -#[derive(Clone)] -#[deprecated(since = "0.9.7", note = "use X509Builder and X509ReqBuilder instead")] -pub enum Extension { - /// The purposes of the key contained in the certificate - KeyUsage(Vec<KeyUsageOption>), - /// The extended purposes of the key contained in the certificate - ExtKeyUsage(Vec<ExtKeyUsageOption>), - /// Subject Alternative Names - SubjectAltName(Vec<(AltNameOption, String)>), - /// Issuer Alternative Names - IssuerAltName(Vec<(AltNameOption, String)>), - /// Arbitrary extensions by NID. See `man x509v3_config` for value syntax. - /// - /// You must not use this to add extensions which this enum can express directly. - /// - /// ``` - /// use openssl::x509::extension::Extension::*; - /// use openssl::nid::Nid; - /// - /// # let generator = openssl::x509::X509Generator::new(); - /// generator.add_extension(OtherNid(Nid::BASIC_CONSTRAINTS,"critical,CA:TRUE".to_owned())); - /// ``` - OtherNid(Nid, String), - /// Arbitrary extensions by OID string. See `man ASN1_generate_nconf` for value syntax. - /// - /// You must not use this to add extensions which this enum can express directly. 
- /// - /// ``` - /// use openssl::x509::extension::Extension::*; - /// - /// # let generator = openssl::x509::X509Generator::new(); - /// generator.add_extension(OtherStr("2.999.2".to_owned(),"ASN1:UTF8:example value".to_owned())); - /// ``` - OtherStr(String, String), -} - -impl Extension { - #[deprecated(since = "0.9.7", note = "use X509Builder and X509ReqBuilder instead")] - pub fn get_type(&self) -> ExtensionType { - match self { - &Extension::KeyUsage(_) => ExtensionType::KeyUsage, - &Extension::ExtKeyUsage(_) => ExtensionType::ExtKeyUsage, - &Extension::SubjectAltName(_) => ExtensionType::SubjectAltName, - &Extension::IssuerAltName(_) => ExtensionType::IssuerAltName, - &Extension::OtherNid(nid, _) => ExtensionType::OtherNid(nid), - &Extension::OtherStr(ref s, _) => ExtensionType::OtherStr(s.clone()), - } - } -} - -impl ExtensionType { - #[deprecated(since = "0.9.7", note = "use X509Builder and X509ReqBuilder instead")] - pub fn get_nid(&self) -> Option<Nid> { - match self { - &ExtensionType::KeyUsage => Some(Nid::KEY_USAGE), - &ExtensionType::ExtKeyUsage => Some(Nid::EXT_KEY_USAGE), - &ExtensionType::SubjectAltName => Some(Nid::SUBJECT_ALT_NAME), - &ExtensionType::IssuerAltName => Some(Nid::ISSUER_ALT_NAME), - &ExtensionType::OtherNid(nid) => Some(nid), - &ExtensionType::OtherStr(_) => None, - } - } - - #[deprecated(since = "0.9.7", note = "use X509Builder and X509ReqBuilder instead")] - pub fn get_name(&self) -> Option<&str> { - match self { - &ExtensionType::OtherStr(ref s) => Some(s), - _ => None, - } - } -} - -// FIXME: This would be nicer as a method on Iterator<Item=ToString>. 
This can -// eventually be replaced by the successor to std::slice::SliceConcatExt.connect -fn join<I: Iterator<Item = T>, T: ToString>(iter: I, sep: &str) -> String { - iter.enumerate().fold(String::new(), |mut acc, (idx, v)| { - if idx > 0 { - acc.push_str(sep) - }; - acc.push_str(&v.to_string()); - acc - }) -} - -impl ToString for Extension { - fn to_string(&self) -> String { - match self { - &Extension::KeyUsage(ref purposes) => join(purposes.iter(), ","), - &Extension::ExtKeyUsage(ref purposes) => join(purposes.iter(), ","), - &Extension::SubjectAltName(ref names) => join( - names - .iter() - .map(|&(ref opt, ref val)| opt.to_string() + ":" + &val), - ",", - ), - &Extension::IssuerAltName(ref names) => join( - names - .iter() - .map(|&(ref opt, ref val)| opt.to_string() + ":" + &val), - ",", - ), - &Extension::OtherNid(_, ref value) => value.clone(), - &Extension::OtherStr(_, ref value) => value.clone(), - } - } -} - -#[derive(Clone, Copy)] -#[deprecated(since = "0.9.7", note = "use X509Builder and X509ReqBuilder instead")] -pub enum KeyUsageOption { - DigitalSignature, - NonRepudiation, - KeyEncipherment, - DataEncipherment, - KeyAgreement, - KeyCertSign, - CRLSign, - EncipherOnly, - DecipherOnly, -} - -impl fmt::Display for KeyUsageOption { - fn fmt(&self, f: &mut fmt::Formatter) -> Result<(), fmt::Error> { - f.pad(match self { - &KeyUsageOption::DigitalSignature => "digitalSignature", - &KeyUsageOption::NonRepudiation => "nonRepudiation", - &KeyUsageOption::KeyEncipherment => "keyEncipherment", - &KeyUsageOption::DataEncipherment => "dataEncipherment", - &KeyUsageOption::KeyAgreement => "keyAgreement", - &KeyUsageOption::KeyCertSign => "keyCertSign", - &KeyUsageOption::CRLSign => "cRLSign", - &KeyUsageOption::EncipherOnly => "encipherOnly", - &KeyUsageOption::DecipherOnly => "decipherOnly", - }) - } -} - -#[derive(Clone)] -#[deprecated(since = "0.9.7", note = "use X509Builder and X509ReqBuilder instead")] -pub enum ExtKeyUsageOption { - ServerAuth, - 
ClientAuth, - CodeSigning, - EmailProtection, - TimeStamping, - MsCodeInd, - MsCodeCom, - MsCtlSign, - MsSgc, - MsEfs, - NsSgc, - /// An arbitrary key usage by OID. - Other(String), -} - -impl fmt::Display for ExtKeyUsageOption { - fn fmt(&self, f: &mut fmt::Formatter) -> Result<(), fmt::Error> { - f.pad(match self { - &ExtKeyUsageOption::ServerAuth => "serverAuth", - &ExtKeyUsageOption::ClientAuth => "clientAuth", - &ExtKeyUsageOption::CodeSigning => "codeSigning", - &ExtKeyUsageOption::EmailProtection => "emailProtection", - &ExtKeyUsageOption::TimeStamping => "timeStamping", - &ExtKeyUsageOption::MsCodeInd => "msCodeInd", - &ExtKeyUsageOption::MsCodeCom => "msCodeCom", - &ExtKeyUsageOption::MsCtlSign => "msCTLSign", - &ExtKeyUsageOption::MsSgc => "msSGC", - &ExtKeyUsageOption::MsEfs => "msEFS", - &ExtKeyUsageOption::NsSgc => "nsSGC", - &ExtKeyUsageOption::Other(ref s) => &s[..], - }) - } -} - -#[derive(Clone, Copy)] -#[deprecated(since = "0.9.7", note = "use X509Builder and X509ReqBuilder instead")] -pub enum AltNameOption { - /// The value is specified as OID;content. See `man ASN1_generate_nconf` for more information on the content syntax. 
- /// - /// ``` - /// use openssl::x509::extension::Extension::*; - /// use openssl::x509::extension::AltNameOption::Other as OtherName; - /// - /// # let generator = openssl::x509::X509Generator::new(); - /// generator.add_extension(SubjectAltName(vec![(OtherName,"2.999.3;ASN1:UTF8:some other name".to_owned())])); - /// ``` - Other, - Email, - DNS, - // X400, // Not supported by OpenSSL - Directory, - // EDIParty, // Not supported by OpenSSL - URI, - IPAddress, - RegisteredID, -} - -impl fmt::Display for AltNameOption { - fn fmt(&self, f: &mut fmt::Formatter) -> Result<(), fmt::Error> { - f.pad(match self { - &AltNameOption::Other => "otherName", - &AltNameOption::Email => "email", - &AltNameOption::DNS => "DNS", - &AltNameOption::Directory => "dirName", - &AltNameOption::URI => "URI", - &AltNameOption::IPAddress => "IP", - &AltNameOption::RegisteredID => "RID", - }) - } -} - pub struct BasicConstraints { critical: bool, ca: bool, diff --git a/openssl/src/x509/mod.rs b/openssl/src/x509/mod.rs index 54e761da..71c0c83a 100644 --- a/openssl/src/x509/mod.rs +++ b/openssl/src/x509/mod.rs @@ -1,8 +1,6 @@ -#![allow(deprecated)] use libc::{c_int, c_long}; use ffi; use foreign_types::{ForeignType, ForeignTypeRef}; -use std::collections::HashMap; use std::error::Error; use std::ffi::{CStr, CString}; use std::fmt; @@ -14,9 +12,8 @@ use std::slice; use std::str; use {cvt, cvt_n, cvt_p}; -use asn1::{Asn1BitStringRef, Asn1IntegerRef, Asn1ObjectRef, Asn1StringRef, Asn1Time, Asn1TimeRef}; +use asn1::{Asn1BitStringRef, Asn1IntegerRef, Asn1ObjectRef, Asn1StringRef, Asn1TimeRef}; use bio::MemBioSlice; -use bn::{BigNum, MsbOption}; use conf::ConfRef; use error::ErrorStack; use hash::MessageDigest; @@ -36,8 +33,6 @@ use ffi::{ASN1_STRING_get0_data as ASN1_STRING_data, #[cfg(any(all(feature = "v102", ossl102), all(feature = "v110", ossl110)))] pub mod verify; -use x509::extension::{Extension, ExtensionType}; - pub mod extension; pub mod store; 
@@ -110,196 +105,6 @@ impl X509StoreContextRef { } } -#[deprecated(since = "0.9.7", note = "use X509Builder and X509ReqBuilder instead")] -pub struct X509Generator { - days: u32, - names: Vec<(String, String)>, - extensions: Extensions, - hash_type: MessageDigest, -} - -#[allow(deprecated)] -impl X509Generator { - /// Creates a new generator with the following defaults: - /// - /// validity period: 365 days - /// - /// CN: "rust-openssl" - /// - /// hash: SHA1 - #[deprecated(since = "0.9.7", note = "use X509Builder and X509ReqBuilder instead")] - pub fn new() -> X509Generator { - X509Generator { - days: 365, - names: vec![], - extensions: Extensions::new(), - hash_type: MessageDigest::sha1(), - } - } - - /// Sets certificate validity period in days since today - #[deprecated(since = "0.9.7", note = "use X509Builder and X509ReqBuilder instead")] - pub fn set_valid_period(mut self, days: u32) -> X509Generator { - self.days = days; - self - } - - /// Add attribute to the name of the certificate - /// - /// ``` - /// # let generator = openssl::x509::X509Generator::new(); - /// generator.add_name("CN".to_string(),"example.com".to_string()); - /// ``` - #[deprecated(since = "0.9.7", note = "use X509Builder and X509ReqBuilder instead")] - pub fn add_name(mut self, attr_type: String, attr_value: String) -> X509Generator { - self.names.push((attr_type, attr_value)); - self - } - - /// Add multiple attributes to the name of the certificate - /// - /// ``` - /// # let generator = openssl::x509::X509Generator::new(); - /// generator.add_names(vec![("CN".to_string(),"example.com".to_string())]); - /// ``` - #[deprecated(since = "0.9.7", note = "use X509Builder and X509ReqBuilder instead")] - pub fn add_names<I>(mut self, attrs: I) -> X509Generator - where - I: IntoIterator<Item = (String, String)>, - { - self.names.extend(attrs); - self - } - - /// Add an extension to a certificate - /// - /// If the extension already exists, it will be replaced. 
- /// - /// ``` - /// use openssl::x509::extension::Extension::*; - /// use openssl::x509::extension::KeyUsageOption::*; - /// - /// # let generator = openssl::x509::X509Generator::new(); - /// generator.add_extension(KeyUsage(vec![DigitalSignature, KeyEncipherment])); - /// ``` - #[deprecated(since = "0.9.7", note = "use X509Builder and X509ReqBuilder instead")] - pub fn add_extension(mut self, ext: extension::Extension) -> X509Generator { - self.extensions.add(ext); - self - } - - /// Add multiple extensions to a certificate - /// - /// If any of the extensions already exist, they will be replaced. - /// - /// ``` - /// use openssl::x509::extension::Extension::*; - /// use openssl::x509::extension::KeyUsageOption::*; - /// - /// # let generator = openssl::x509::X509Generator::new(); - /// generator.add_extensions(vec![KeyUsage(vec![DigitalSignature, KeyEncipherment])]); - /// ``` - #[deprecated(since = "0.9.7", note = "use X509Builder and X509ReqBuilder instead")] - pub fn add_extensions<I>(mut self, exts: I) -> X509Generator - where - I: IntoIterator<Item = extension::Extension>, - { - for ext in exts { - self.extensions.add(ext); - } - - self - } - - #[deprecated(since = "0.9.7", note = "use X509Builder and X509ReqBuilder instead")] - pub fn set_sign_hash(mut self, hash_type: MessageDigest) -> X509Generator { - self.hash_type = hash_type; - self - } - - /// Sets the certificate public-key, then self-sign and return it - #[deprecated(since = "0.9.7", note = "use X509Builder and X509ReqBuilder instead")] - pub fn sign(&self, p_key: &PKeyRef) -> Result<X509, ErrorStack> { - let mut builder = X509::builder()?; - builder.set_version(2)?; - - let mut serial = BigNum::new()?; - serial.rand(128, MsbOption::MAYBE_ZERO, false)?; - let serial = serial.to_asn1_integer()?; - builder.set_serial_number(&serial)?; - - let not_before = Asn1Time::days_from_now(0)?; - builder.set_not_before(¬_before)?; - let not_after = Asn1Time::days_from_now(self.days)?; - 
builder.set_not_after(¬_after)?; - - builder.set_pubkey(p_key)?; - - let mut name = X509Name::builder()?; - if self.names.is_empty() { - name.append_entry_by_nid(Nid::COMMONNAME, "rust-openssl")?; - } else { - for &(ref key, ref value) in &self.names { - name.append_entry_by_text(key, value)?; - } - } - let name = name.build(); - - builder.set_subject_name(&name)?; - builder.set_issuer_name(&name)?; - - for (exttype, ext) in self.extensions.iter() { - let extension = match exttype.get_nid() { - Some(nid) => { - let ctx = builder.x509v3_context(None, None); - X509Extension::new_nid(None, Some(&ctx), nid, &ext.to_string())? - } - None => { - let ctx = builder.x509v3_context(None, None); - X509Extension::new( - None, - Some(&ctx), - &exttype.get_name().unwrap(), - &ext.to_string(), - )? - } - }; - builder.append_extension(extension)?; - } - - builder.sign(p_key, self.hash_type)?; - Ok(builder.build()) - } - - /// Obtain a certificate signing request (CSR) - #[deprecated(since = "0.9.7", note = "use X509Builder and X509ReqBuilder instead")] - pub fn request(&self, p_key: &PKeyRef) -> Result<X509Req, ErrorStack> { - let cert = match self.sign(p_key) { - Ok(c) => c, - Err(x) => return Err(x), - }; - - unsafe { - let req = cvt_p(ffi::X509_to_X509_REQ( - cert.as_ptr(), - ptr::null_mut(), - ptr::null(), - ))?; - let req = X509Req::from_ptr(req); - - let exts = compat::X509_get0_extensions(cert.as_ptr()); - if exts != ptr::null_mut() { - cvt(ffi::X509_REQ_add_extensions(req.as_ptr(), exts as *mut _))?; - } - - let hash_fn = self.hash_type.as_ptr(); - cvt(ffi::X509_REQ_sign(req.as_ptr(), p_key.as_ptr(), hash_fn))?; - - Ok(req) - } - } -} - /// A builder type which can create `X509` objects. pub struct X509Builder(X509); 
@@ -941,75 +746,6 @@ impl X509ReqRef { } } -/// A collection of X.509 extensions. -/// -/// Upholds the invariant that a certificate MUST NOT include more than one -/// instance of a particular extension, according to RFC 3280 ยง4.2. Also -/// ensures that extensions are added to the certificate during signing -/// in the order they were inserted, which is required for certain -/// extensions like SubjectKeyIdentifier and AuthorityKeyIdentifier. -struct Extensions { - /// The extensions contained in the collection. - extensions: Vec<Extension>, - /// A map of used to keep track of added extensions and their indexes in `self.extensions`. - indexes: HashMap<ExtensionType, usize>, -} - -impl Extensions { - /// Creates a new `Extensions`. - pub fn new() -> Extensions { - Extensions { - extensions: vec![], - indexes: HashMap::new(), - } - } - - /// Adds a new `Extension`, replacing any existing one of the same - /// `ExtensionType`. - pub fn add(&mut self, ext: Extension) { - let ext_type = ext.get_type(); - - if let Some(index) = self.indexes.get(&ext_type) { - self.extensions[*index] = ext; - return; - } - - self.extensions.push(ext); - self.indexes.insert(ext_type, self.extensions.len() - 1); - } - - /// Returns an `ExtensionsIter` for the collection. - pub fn iter(&self) -> ExtensionsIter { - ExtensionsIter { - current: 0, - extensions: &self.extensions, - } - } -} - -/// An iterator that iterates over `(ExtensionType, Extension)` for each -/// extension in the collection. -struct ExtensionsIter<'a> { - current: usize, - extensions: &'a Vec<Extension>, -} - -impl<'a> Iterator for ExtensionsIter<'a> { - type Item = (ExtensionType, &'a Extension); - - fn next(&mut self) -> Option<Self::Item> { - if self.current < self.extensions.len() { - let ext = &self.extensions[self.current]; - - self.current += 1; - - Some((ext.get_type(), ext)) - } else { - None - } - } -} - pub struct X509VerifyError(c_long); impl fmt::Debug for X509VerifyError { 
@@ -1135,7 +871,6 @@ mod compat { pub use ffi::X509_getm_notAfter as X509_get_notAfter; pub use ffi::X509_getm_notBefore as X509_get_notBefore; pub use ffi::X509_up_ref; - pub use ffi::X509_get0_extensions; pub use ffi::X509_REQ_get_version; pub use ffi::X509_REQ_get_subject_name; pub use ffi::X509_get0_signature; @@ -1166,17 +901,6 @@ mod compat { ); } - pub unsafe fn X509_get0_extensions( - cert: *const ffi::X509, - ) -> *const ffi::stack_st_X509_EXTENSION { - let info = (*cert).cert_info; - if info.is_null() { - 0 as *mut _ - } else { - (*info).extensions - } - } - pub unsafe fn X509_REQ_get_version(x: *mut ffi::X509_REQ) -> ::libc::c_long { ::ffi::ASN1_INTEGER_get((*(*x).req_info).version) } diff --git a/openssl/src/x509/tests.rs b/openssl/src/x509/tests.rs index 1ad0218c..a86aa30a 100644 --- a/openssl/src/x509/tests.rs +++ b/openssl/src/x509/tests.rs 
@@ -2,43 +2,14 @@ use hex::{FromHex, ToHex}; use asn1::Asn1Time; use bn::{BigNum, MsbOption}; -use ec::{Asn1Flag, EcGroup, EcKey}; use hash::MessageDigest; use nid::Nid; use pkey::PKey; use rsa::Rsa; use stack::Stack; -use x509::{X509, X509Generator, X509Name, X509Req}; -use x509::extension::{AuthorityKeyIdentifier, BasicConstraints, ExtendedKeyUsage, Extension, - KeyUsage, SubjectAlternativeName, SubjectKeyIdentifier}; -use ssl::{SslContextBuilder, SslMethod}; -use x509::extension::AltNameOption as SAN; -use x509::extension::KeyUsageOption::{DigitalSignature, KeyEncipherment}; -use x509::extension::ExtKeyUsageOption::{self, ClientAuth, ServerAuth}; - -fn get_generator() -> X509Generator { - X509Generator::new() - .set_valid_period(365 * 2) - .add_name("CN".to_string(), "test_me".to_string()) - .set_sign_hash(MessageDigest::sha1()) - .add_extension(Extension::KeyUsage(vec![DigitalSignature, KeyEncipherment])) - .add_extension(Extension::ExtKeyUsage(vec![ - ClientAuth, - ServerAuth, - ExtKeyUsageOption::Other("2.999.1".to_owned()), - ])) - .add_extension(Extension::SubjectAltName(vec![ - (SAN::DNS, "example.com".to_owned()), - ])) - .add_extension(Extension::OtherNid( - Nid::BASIC_CONSTRAINTS, - "critical,CA:TRUE".to_owned(), - )) - .add_extension(Extension::OtherStr( - "2.999.2".to_owned(), - "ASN1:UTF8:example value".to_owned(), - )) -} +use x509::{X509, X509Name, X509Req}; +use x509::extension::{AuthorityKeyIdentifier, BasicConstraints, ExtendedKeyUsage, KeyUsage, + SubjectAlternativeName, SubjectKeyIdentifier}; fn pkey() -> PKey { let rsa = Rsa::generate(2048).unwrap(); 
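Review bot: The import rewrite at the top of tests.rs drops `ec::{Asn1Flag, EcGroup, EcKey}` and `ssl::{SslContextBuilder, SslMethod}` outright, so the `ecdsa_cert` test removed further down in this file is deleted rather than ported to `X509Builder`. That test was the visible check that a certificate signed with a P-256 key passes `set_certificate` and `check_private_key`. Likewise, the removed `test_cert_gen_extension_ordering` pinned SubjectKeyIdentifier-before-AuthorityKeyIdentifier. Whether the remaining builder tests cover EC keys and that ordering is not visible in these hunks, so I would either re-express both cases on `X509::builder()` or state in the commit message that the coverage is dropped on purpose. The body of `pkey()` continues outside this hunk.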
@@ -46,78 +17,6 @@ fn pkey() -> PKey { } #[test] -fn test_cert_gen() { - let pkey = pkey(); - let cert = get_generator().sign(&pkey).unwrap(); - - // FIXME: check data in result to be correct, needs implementation - // of X509 getters - - assert_eq!( - pkey.public_key_to_pem().unwrap(), - cert.public_key().unwrap().public_key_to_pem().unwrap() - ); -} - -/// SubjectKeyIdentifier must be added before AuthorityKeyIdentifier or OpenSSL -/// is "unable to get issuer keyid." This test ensures the order of insertion -/// for extensions is preserved when the cert is signed. -#[test] -fn test_cert_gen_extension_ordering() { - let pkey = pkey(); - get_generator() - .add_extension(Extension::OtherNid( - Nid::SUBJECT_KEY_IDENTIFIER, - "hash".to_owned(), - )) - .add_extension(Extension::OtherNid( - Nid::AUTHORITY_KEY_IDENTIFIER, - "keyid:always".to_owned(), - )) - .sign(&pkey) - .expect("Failed to generate cert with order-dependent extensions"); -} - -/// Proves that a passing result from `test_cert_gen_extension_ordering` is -/// deterministic by reversing the order of extensions and asserting failure. 
-#[test] -fn test_cert_gen_extension_bad_ordering() { - let pkey = pkey(); - let result = get_generator() - .add_extension(Extension::OtherNid( - Nid::AUTHORITY_KEY_IDENTIFIER, - "keyid:always".to_owned(), - )) - .add_extension(Extension::OtherNid( - Nid::SUBJECT_KEY_IDENTIFIER, - "hash".to_owned(), - )) - .sign(&pkey); - - assert!(result.is_err()); -} - -#[test] -fn test_req_gen() { - let pkey = pkey(); - - let req = get_generator().request(&pkey).unwrap(); - let reqpem = req.to_pem().unwrap(); - - let req = X509Req::from_pem(&reqpem).ok().expect("Failed to load PEM"); - let cn = (*req) - .subject_name() - .entries_by_nid(Nid::COMMONNAME) - .next() - .unwrap(); - assert_eq!(0, (*req).version()); - assert_eq!(cn.data().as_slice(), b"test_me"); - - // FIXME: check data in result to be correct, needs implementation - // of X509_REQ getters -} - -#[test] fn test_cert_loading() { let cert = include_bytes!("../../test/cert.pem"); let cert = X509::from_pem(cert).ok().expect("Failed to load PEM"); @@ -359,26 +258,6 @@ fn issued() { } #[test] -fn ecdsa_cert() { - let mut group = EcGroup::from_curve_name(Nid::X9_62_PRIME256V1).unwrap(); - group.set_asn1_flag(Asn1Flag::NAMED_CURVE); - let key = EcKey::generate(&group).unwrap(); - let key = PKey::from_ec_key(key).unwrap(); - - let cert = X509Generator::new() - .set_valid_period(365) - .add_name("CN".to_owned(), "TestServer".to_owned()) - .set_sign_hash(MessageDigest::sha256()) - .sign(&key) - .unwrap(); - - let mut ctx = SslContextBuilder::new(SslMethod::tls()).unwrap(); - ctx.set_certificate(&cert).unwrap(); - ctx.set_private_key(&key).unwrap(); - ctx.check_private_key().unwrap(); -} - -#[test] fn signature() { let cert = include_bytes!("../../test/cert.pem"); let cert = X509::from_pem(cert).unwrap(); |