| author | Steven Fackler <[email protected]> | 2015-08-15 16:04:42 -0400 |
|---|---|---|
| committer | Steven Fackler <[email protected]> | 2015-08-15 16:04:42 -0400 |
| commit | 769b8312d89e005523dbecb3af4737a85a891232 (patch) | |
| tree | d798504a2230ba8af8114d751b44b49fd1748de2 /openssl/src | |
| parent | Grab errno for directstream want errors (diff) | |
| parent | Implement certificate extensions for certificate requests (diff) | |
Merge pull request #240 from jethrogb/topic/x509_req_extension
Implement certificate extensions for certificate requests
Diffstat (limited to 'openssl/src')
| -rw-r--r-- | openssl/src/x509/mod.rs | 17 | ||||
| -rw-r--r-- | openssl/src/x509/tests.rs | 25 |
2 files changed, 33 insertions, 9 deletions
diff --git a/openssl/src/x509/mod.rs b/openssl/src/x509/mod.rs
index a5df80f5..91daa66a 100644
--- a/openssl/src/x509/mod.rs
+++ b/openssl/src/x509/mod.rs
@@ -396,11 +396,20 @@ impl X509Generator {
 Err(x) => return Err(x)
 };
- let hash_fn = self.hash_type.evp_md();
- let req = unsafe { ffi::X509_to_X509_REQ(cert.handle, p_key.get_handle(), hash_fn) };
- try_ssl_null!(req);
+ unsafe {
+ let req = ffi::X509_to_X509_REQ(cert.handle, ptr::null_mut(), ptr::null());
+ try_ssl_null!(req);
+
+ let exts = ffi::X509_get_extensions(cert.handle);
+ if exts != ptr::null_mut() {
+ try_ssl!(ffi::X509_REQ_add_extensions(req,exts));
+ }
- Ok(X509Req::new(req))
+ let hash_fn = self.hash_type.evp_md();
+ try_ssl!(ffi::X509_REQ_sign(req, p_key.get_handle(), hash_fn));
+
+ Ok(X509Req::new(req))
+ }
 }
 }
diff --git a/openssl/src/x509/tests.rs b/openssl/src/x509/tests.rs
index 0aed364b..692539ba 100644
--- a/openssl/src/x509/tests.rs
+++ b/openssl/src/x509/tests.rs
@@ -4,6 +4,7 @@ use std::path::Path;
 use std::fs::File;
 use crypto::hash::Type::{SHA256};
+use crypto::pkey::PKey;
 use x509::{X509, X509Generator};
 use x509::extension::Extension::{KeyUsage,ExtKeyUsage,SubjectAltName,OtherNid,OtherStr};
 use x509::extension::AltNameOption as SAN;
@@ -11,9 +12,8 @@ use x509::extension::KeyUsageOption::{DigitalSignature, KeyEncipherment};
 use x509::extension::ExtKeyUsageOption::{self, ClientAuth, ServerAuth};
 use nid::Nid;
-#[test]
-fn test_cert_gen() {
- let gen = X509Generator::new()
+fn get_generator() -> X509Generator {
+ X509Generator::new()
 .set_bitlength(2048)
 .set_valid_period(365*2)
 .add_name("CN".to_string(),"test_me".to_string())
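Review bot: In the new `unsafe` block in openssl/src/x509/mod.rs, `req` is a raw pointer owned by this function, and both `try_ssl!` calls (around `X509_REQ_add_extensions` and `X509_REQ_sign`) appear to return early on failure, which would leave the request allocated and never freed. Wrapping the pointer right after `try_ssl_null!(req)`, e.g. `let req = X509Req::new(req);`, and passing its raw handle to the later calls would release it on every exit path, assuming `X509Req` frees its handle on drop (not visible in this hunk). A comment such as `// exts is borrowed from cert; X509_REQ_add_extensions copies it` would also record why `exts` is never freed, if that is indeed the binding's ownership contract. The null test reads more idiomatically as `if !exts.is_null() {`. The enclosing function starts above the hunk.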
@@ -22,9 +22,12 @@ fn test_cert_gen() {
 .add_extension(ExtKeyUsage(vec![ClientAuth, ServerAuth, ExtKeyUsageOption::Other("2.999.1".to_owned())]))
 .add_extension(SubjectAltName(vec![(SAN::DNS,"example.com".to_owned())]))
 .add_extension(OtherNid(Nid::BasicConstraints,"critical,CA:TRUE".to_owned()))
- .add_extension(OtherStr("2.999.2".to_owned(),"ASN1:UTF8:example value".to_owned()));
+ .add_extension(OtherStr("2.999.2".to_owned(),"ASN1:UTF8:example value".to_owned()))
+}
- let (cert, pkey) = gen.generate().unwrap();
+#[test]
+fn test_cert_gen() {
+ let (cert, pkey) = get_generator().generate().unwrap();
 cert.write_pem(&mut io::sink()).unwrap();
 pkey.write_pem(&mut io::sink()).unwrap();
@@ -35,6 +38,18 @@ fn test_cert_gen() {
 }
 #[test]
+fn test_req_gen() {
+ let mut pkey = PKey::new();
+ pkey.gen(512);
+
+ let req = get_generator().request(&pkey).unwrap();
+ req.write_pem(&mut io::sink()).unwrap();
+
+ // FIXME: check data in result to be correct, needs implementation
+ // of X509_REQ getters
+}
+
+#[test]
 fn test_cert_loading() {
 let cert_path = Path::new("test/cert.pem");
 let mut file = File::open(&cert_path) |
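Review bot: `test_req_gen` only proves that `request()` returns `Ok` and that the result serialises; neither the copied extensions nor the new signing step is checked, as the FIXME admits. Until X509_REQ getters exist, writing the PEM into a `Vec<u8>` instead of `io::sink()` and asserting that it is non-empty and carries the certificate-request PEM header would at least catch an empty or malformed encoding. `pkey.gen(512)` also asks for a key far smaller than the 2048 bits the shared generator is configured with (presumably both are RSA bit lengths); `pkey.gen(2048);` keeps the test from modelling a key size that should not be copied into real code.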