From 14a2f5c5e9541d30b825bd7e2dc6961bc11e6200 Mon Sep 17 00:00:00 2001 From: Jethro Beekman Date: Tue, 30 Jun 2015 17:23:57 -0700 Subject: Move X509 extensions to seperate module, implement ToString instead of custom AsStr --- openssl/src/x509/mod.rs | 76 ++++--------------------------------------------- 1 file changed, 6 insertions(+), 70 deletions(-) (limited to 'openssl/src/x509/mod.rs') diff --git a/openssl/src/x509/mod.rs b/openssl/src/x509/mod.rs index 5446f125..6292579b 100644 --- a/openssl/src/x509/mod.rs +++ b/openssl/src/x509/mod.rs @@ -20,6 +20,7 @@ use ffi; use ssl::error::{SslError, StreamError}; use nid; +mod extension; #[cfg(test)] mod tests; 
@@ -98,74 +99,9 @@ impl X509StoreContext { } } -#[doc(hidden)] -trait AsStr<'a> { - fn as_str(&self) -> &'a str; -} - -#[derive(Clone, Copy)] -pub enum KeyUsage { - DigitalSignature, - NonRepudiation, - KeyEncipherment, - DataEncipherment, - KeyAgreement, - KeyCertSign, - CRLSign, - EncipherOnly, - DecipherOnly -} - -impl AsStr<'static> for KeyUsage { - fn as_str(&self) -> &'static str { - match self { - &KeyUsage::DigitalSignature => "digitalSignature", - &KeyUsage::NonRepudiation => "nonRepudiation", - &KeyUsage::KeyEncipherment => "keyEncipherment", - &KeyUsage::DataEncipherment => "dataEncipherment", - &KeyUsage::KeyAgreement => "keyAgreement", - &KeyUsage::KeyCertSign => "keyCertSign", - &KeyUsage::CRLSign => "cRLSign", - &KeyUsage::EncipherOnly => "encipherOnly", - &KeyUsage::DecipherOnly => "decipherOnly" - } - } -} - - -#[derive(Clone, Copy)] -pub enum ExtKeyUsage { - ServerAuth, - ClientAuth, - CodeSigning, - EmailProtection, - TimeStamping, - MsCodeInd, - MsCodeCom, - MsCtlSign, - MsSgc, - MsEfs, - NsSgc -} - -impl AsStr<'static> for ExtKeyUsage { - fn as_str(&self) -> &'static str { - match self { - &ExtKeyUsage::ServerAuth => "serverAuth", - &ExtKeyUsage::ClientAuth => "clientAuth", - &ExtKeyUsage::CodeSigning => "codeSigning", - &ExtKeyUsage::EmailProtection => "emailProtection", - &ExtKeyUsage::TimeStamping => "timeStamping", - &ExtKeyUsage::MsCodeInd => "msCodeInd", - &ExtKeyUsage::MsCodeCom => "msCodeCom", - &ExtKeyUsage::MsCtlSign => "msCTLSign", - &ExtKeyUsage::MsSgc => "msSGC", - &ExtKeyUsage::MsEfs => "msEFS", - &ExtKeyUsage::NsSgc =>"nsSGC" - } - } -} - +// Backwards-compatibility +pub use self::extension::KeyUsageOption as KeyUsage; +pub use self::extension::ExtKeyUsageOption as ExtKeyUsage; // FIXME: a dirty hack as there is no way to // implement ToString for Vec as both are defined 
@@ -175,11 +111,11 @@ trait ToStr { fn to_str(&self) -> String; } -impl<'a, T: AsStr<'a>> ToStr for Vec { +impl ToStr for Vec { fn to_str(&self) -> String { self.iter().enumerate().fold(String::new(), |mut acc, (idx, v)| { if idx > 0 { acc.push(',') }; - acc.push_str(v.as_str()); + acc.push_str(&v.to_string()); acc }) } -- cgit v1.2.3 From c4e398d39785e20640216ac595355d45a32c8618 Mon Sep 17 00:00:00 2001 From: Jethro Beekman Date: Tue, 30 Jun 2015 17:27:44 -0700 Subject: Turn "dirty hack" into slightly less dirty hack, with potential to become non-dirty --- openssl/src/x509/mod.rs | 28 ++++++++++------------------ 1 file changed, 10 insertions(+), 18 deletions(-) (limited to 'openssl/src/x509/mod.rs') diff --git a/openssl/src/x509/mod.rs b/openssl/src/x509/mod.rs index 6292579b..864e94c8 100644 --- a/openssl/src/x509/mod.rs +++ b/openssl/src/x509/mod.rs @@ -103,22 +103,14 @@ impl X509StoreContext { pub use self::extension::KeyUsageOption as KeyUsage; pub use self::extension::ExtKeyUsageOption as ExtKeyUsage; -// FIXME: a dirty hack as there is no way to -// implement ToString for Vec as both are defined -// in another crate -#[doc(hidden)] -trait ToStr { - fn to_str(&self) -> String; -} - -impl ToStr for Vec { - fn to_str(&self) -> String { - self.iter().enumerate().fold(String::new(), |mut acc, (idx, v)| { - if idx > 0 { acc.push(',') }; - acc.push_str(&v.to_string()); - acc - }) - } +// FIXME: This would be nicer as a method on Iterator. This can +// eventually be replaced by the successor to std::slice::SliceConcatExt.connect +fn join,T: ToString>(iter: I, sep: &str) -> String { + iter.enumerate().fold(String::new(), |mut acc, (idx, v)| { + if idx > 0 { acc.push_str(sep) }; + acc.push_str(&v.to_string()); + acc + }) } #[allow(non_snake_case)] 
@@ -314,12 +306,12 @@ impl X509Generator { if self.key_usage.len() > 0 { try!(X509Generator::add_extension(x509.handle, ffi::NID_key_usage, - &self.key_usage.to_str())); + &join(self.key_usage.iter(),","))); } if self.ext_key_usage.len() > 0 { try!(X509Generator::add_extension(x509.handle, ffi::NID_ext_key_usage, - &self.ext_key_usage.to_str())); + &join(self.ext_key_usage.iter(),","))); } let hash_fn = self.hash_type.evp_md(); -- cgit v1.2.3 From 8d1abf5156840cb718f637959a1f98f499a64519 Mon Sep 17 00:00:00 2001 From: Jethro Beekman Date: Tue, 30 Jun 2015 18:54:48 -0700 Subject: Implement "extensions" field in X509generator, and change existing extensions to use that --- openssl/src/x509/mod.rs | 34 ++++++++++------------------------ 1 file changed, 10 insertions(+), 24 deletions(-) (limited to 'openssl/src/x509/mod.rs') diff --git a/openssl/src/x509/mod.rs b/openssl/src/x509/mod.rs index 864e94c8..7d936f7e 100644 --- a/openssl/src/x509/mod.rs +++ b/openssl/src/x509/mod.rs @@ -9,6 +9,7 @@ use std::ptr; use std::ops::Deref; use std::fmt; use std::str; +use std::collections::HashMap; use asn1::{Asn1Time}; use bio::{MemBio}; @@ -22,6 +23,8 @@ use nid; mod extension; +use self::extension::{ExtensionType,Extension}; + #[cfg(test)] mod tests; @@ -103,16 +106,6 @@ impl X509StoreContext { pub use self::extension::KeyUsageOption as KeyUsage; pub use self::extension::ExtKeyUsageOption as ExtKeyUsage; -// FIXME: This would be nicer as a method on Iterator. This can -// eventually be replaced by the successor to std::slice::SliceConcatExt.connect -fn join,T: ToString>(iter: I, sep: &str) -> String { - iter.enumerate().fold(String::new(), |mut acc, (idx, v)| { - if idx > 0 { acc.push_str(sep) }; - acc.push_str(&v.to_string()); - acc - }) -} - #[allow(non_snake_case)] /// Generator of private key/certificate pairs /// 
@@ -153,8 +146,8 @@ pub struct X509Generator { bits: u32, days: u32, CN: String, - key_usage: Vec, - ext_key_usage: Vec, + // RFC 3280 §4.2: A certificate MUST NOT include more than one instance of a particular extension. + extensions: HashMap, hash_type: HashType, } @@ -173,8 +166,7 @@ impl X509Generator { bits: 1024, days: 365, CN: "rust-openssl".to_string(), - key_usage: Vec::new(), - ext_key_usage: Vec::new(), + extensions: HashMap::new(), hash_type: HashType::SHA1 } } @@ -200,13 +192,13 @@ impl X509Generator { /// Sets what for certificate could be used pub fn set_usage(mut self, purposes: &[KeyUsage]) -> X509Generator { - self.key_usage = purposes.to_vec(); + self.extensions.insert(ExtensionType::KeyUsage,Extension::KeyUsage(purposes.to_owned())); self } /// Sets allowed extended usage of certificate pub fn set_ext_usage(mut self, purposes: &[ExtKeyUsage]) -> X509Generator { - self.ext_key_usage = purposes.to_vec(); + self.extensions.insert(ExtensionType::ExtKeyUsage,Extension::ExtKeyUsage(purposes.to_owned())); self } @@ -304,14 +296,8 @@ impl X509Generator { try!(X509Generator::add_name(name, "CN", &self.CN)); ffi::X509_set_issuer_name(x509.handle, name); - if self.key_usage.len() > 0 { - try!(X509Generator::add_extension(x509.handle, ffi::NID_key_usage, - &join(self.key_usage.iter(),","))); - } - - if self.ext_key_usage.len() > 0 { - try!(X509Generator::add_extension(x509.handle, ffi::NID_ext_key_usage, - &join(self.ext_key_usage.iter(),","))); + for ext in self.extensions.values() { + try!(X509Generator::add_extension(x509.handle, ext.get_nid() as c_int, &ext.to_string())); } let hash_fn = self.hash_type.evp_md(); -- cgit v1.2.3 From 2fa134436707454d8c46a0fba8a7e252fb9f1668 Mon Sep 17 00:00:00 2001 
From: Jethro Beekman Date: Tue, 30 Jun 2015 22:30:54 -0700 Subject: Add public generic extension interface to X509Generator * Add add_extension and add_extensions functions * Deprecate set_usage and set_ext_usage * Change test to use add_extension --- openssl/src/x509/mod.rs | 53 ++++++++++++++++++++++++++++++++++++++++--------- 1 file changed, 44 insertions(+), 9 deletions(-) (limited to 'openssl/src/x509/mod.rs') diff --git a/openssl/src/x509/mod.rs b/openssl/src/x509/mod.rs index 7d936f7e..42bb7a08 100644 --- a/openssl/src/x509/mod.rs +++ b/openssl/src/x509/mod.rs @@ -21,7 +21,7 @@ use ffi; use ssl::error::{SslError, StreamError}; use nid; -mod extension; +pub mod extension; use self::extension::{ExtensionType,Extension}; 
@@ -190,15 +190,50 @@ impl X509Generator { self } - /// Sets what for certificate could be used - pub fn set_usage(mut self, purposes: &[KeyUsage]) -> X509Generator { - self.extensions.insert(ExtensionType::KeyUsage,Extension::KeyUsage(purposes.to_owned())); + /// (deprecated) Sets what for certificate could be used + /// + /// This function is deprecated, use `X509Generator.add_extension` instead. + pub fn set_usage(self, purposes: &[KeyUsage]) -> X509Generator { + self.add_extension(Extension::KeyUsage(purposes.to_owned())) + } + + /// (deprecated) Sets allowed extended usage of certificate + /// + /// This function is deprecated, use `X509Generator.add_extension` instead. + pub fn set_ext_usage(self, purposes: &[ExtKeyUsage]) -> X509Generator { + self.add_extension(Extension::ExtKeyUsage(purposes.to_owned())) + } + + /// Add an extension to a certificate + /// + /// If the extension already exists, it will be replaced. + /// + /// ``` + /// use openssl::x509::extension::Extension::*; + /// use openssl::x509::extension::KeyUsageOption::*; + /// + /// # let generator = openssl::x509::X509Generator::new(); + /// generator.add_extension(KeyUsage(vec![DigitalSignature, KeyEncipherment])); + /// ``` + pub fn add_extension(mut self, ext: extension::Extension) -> X509Generator { + self.extensions.insert(ext.get_type(),ext); self } - /// Sets allowed extended usage of certificate - pub fn set_ext_usage(mut self, purposes: &[ExtKeyUsage]) -> X509Generator { - self.extensions.insert(ExtensionType::ExtKeyUsage,Extension::ExtKeyUsage(purposes.to_owned())); + /// Add multiple extensions to a certificate + /// + /// If any of the extensions already exist, they will be replaced. 
+ /// + /// ``` + /// use openssl::x509::extension::Extension::*; + /// use openssl::x509::extension::KeyUsageOption::*; + /// + /// # let generator = openssl::x509::X509Generator::new(); + /// generator.add_extensions(vec![KeyUsage(vec![DigitalSignature, KeyEncipherment])]); + /// ``` + pub fn add_extensions(mut self, exts: I) -> X509Generator + where I: IntoIterator { + self.extensions.extend(exts.into_iter().map(|ext|(ext.get_type(),ext))); self } @@ -207,7 +242,7 @@ impl X509Generator { self } - fn add_extension(x509: *mut ffi::X509, extension: c_int, value: &str) -> Result<(), SslError> { + fn add_extension_internal(x509: *mut ffi::X509, extension: c_int, value: &str) -> Result<(), SslError> { unsafe { let mut ctx: ffi::X509V3_CTX = mem::zeroed(); ffi::X509V3_set_ctx(&mut ctx, x509, x509, @@ -297,7 +332,7 @@ impl X509Generator { ffi::X509_set_issuer_name(x509.handle, name); for ext in self.extensions.values() { - try!(X509Generator::add_extension(x509.handle, ext.get_nid() as c_int, &ext.to_string())); + try!(X509Generator::add_extension_internal(x509.handle, ext.get_nid() as c_int, &ext.to_string())); } let hash_fn = self.hash_type.evp_md(); -- cgit v1.2.3 From b46574b63587dab26eb46aa8f45b2dc830053988 Mon Sep 17 00:00:00 2001 From: Jethro Beekman Date: Tue, 30 Jun 2015 23:00:48 -0700 Subject: Add arbitrary X509 extensions by OID string --- openssl/src/x509/mod.rs | 19 ++++++++++++------- 1 file changed, 12 insertions(+), 7 deletions(-) (limited to 'openssl/src/x509/mod.rs') diff --git a/openssl/src/x509/mod.rs b/openssl/src/x509/mod.rs index 42bb7a08..423a258f 100644 --- a/openssl/src/x509/mod.rs +++ b/openssl/src/x509/mod.rs 
@@ -242,17 +242,22 @@ impl X509Generator { self } - fn add_extension_internal(x509: *mut ffi::X509, extension: c_int, value: &str) -> Result<(), SslError> { + fn add_extension_internal(x509: *mut ffi::X509, exttype: &extension::ExtensionType, value: &str) -> Result<(), SslError> { unsafe { let mut ctx: ffi::X509V3_CTX = mem::zeroed(); ffi::X509V3_set_ctx(&mut ctx, x509, x509, ptr::null_mut(), ptr::null_mut(), 0); let value = CString::new(value.as_bytes()).unwrap(); - let ext = ffi::X509V3_EXT_conf_nid(ptr::null_mut(), + let ext=match exttype.get_nid() { + Some(nid) => ffi::X509V3_EXT_conf_nid(ptr::null_mut(), mem::transmute(&ctx), - extension, - value.as_ptr() as *mut c_char); - + nid as c_int, + value.as_ptr() as *mut c_char), + None => ffi::X509V3_EXT_conf(ptr::null_mut(), + mem::transmute(&ctx), + exttype.get_name().unwrap().as_ptr() as *mut c_char, + value.as_ptr() as *mut c_char), + }; let mut success = false; if ext != ptr::null_mut() { success = ffi::X509_add_ext(x509, ext, -1) != 0; @@ -331,8 +336,8 @@ impl X509Generator { try!(X509Generator::add_name(name, "CN", &self.CN)); ffi::X509_set_issuer_name(x509.handle, name); - for ext in self.extensions.values() { - try!(X509Generator::add_extension_internal(x509.handle, ext.get_nid() as c_int, &ext.to_string())); + for (exttype,ext) in self.extensions.iter() { + try!(X509Generator::add_extension_internal(x509.handle, exttype, &ext.to_string())); } let hash_fn = self.hash_type.evp_md(); -- cgit v1.2.3 From 11bcac01ecd1b7ba8d758b814ff65dc1dc3ac7e6 Mon Sep 17 00:00:00 2001 From: Jethro Beekman Date: Sun, 14 Jun 2015 17:25:05 -0700 Subject: Replace CN field by names vector --- openssl/src/x509/mod.rs | 22 ++++++++++++++++++---- 1 file changed, 18 insertions(+), 4 deletions(-) (limited to 'openssl/src/x509/mod.rs') diff --git a/openssl/src/x509/mod.rs b/openssl/src/x509/mod.rs index 423a258f..b8114384 100644 --- a/openssl/src/x509/mod.rs +++ b/openssl/src/x509/mod.rs 
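Review bot: The new `None` arm passes `mem::transmute(&ctx)` as the `X509V3_CTX *` argument, turning a shared `&ctx` into a `*mut` behind a transmute; `&mut ctx as *mut ffi::X509V3_CTX` yields the same pointer without transmute and without aliasing a `&` as mutable (the `Some` arm, context here, has the same pattern). Because the name-based path goes through `X509V3_EXT_conf` with a NULL `CONF`, the value string is parsed by OpenSSL's extension-config syntax, so caller-supplied values such as `critical,...`, `DER:...` or `ASN1:...` are interpreted rather than stored verbatim — worth stating in the public `add_extension` docs now that arbitrary OID extensions are accepted. `exttype.get_name().unwrap()` relies on every nid-less `ExtensionType` carrying a name; if that is an invariant of the enum in extension.rs, a `// nid-less ExtensionType variants always carry a name` comment makes it visible at the unwrap. `add_extension_internal` continues past the end of this hunk.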
@@ -145,7 +145,7 @@ pub use self::extension::ExtKeyUsageOption as ExtKeyUsage; pub struct X509Generator { bits: u32, days: u32, - CN: String, + names: Vec<(String,String)>, // RFC 3280 §4.2: A certificate MUST NOT include more than one instance of a particular extension. extensions: HashMap, hash_type: HashType, @@ -165,7 +165,7 @@ impl X509Generator { X509Generator { bits: 1024, days: 365, - CN: "rust-openssl".to_string(), + names: vec![], extensions: HashMap::new(), hash_type: HashType::SHA1 } @@ -186,7 +186,13 @@ impl X509Generator { #[allow(non_snake_case)] /// Sets Common Name of certificate pub fn set_CN(mut self, CN: &str) -> X509Generator { - self.CN = CN.to_string(); + match self.names.get_mut(0) { + Some(&mut(_,ref mut val)) => *val=CN.to_string(), + _ => {} /* would move push here, but borrow checker won't let me */ + } + if self.names.len()==0 { + self.names.push(("CN".to_string(),CN.to_string())); + } self } @@ -333,7 +339,15 @@ impl X509Generator { let name = ffi::X509_get_subject_name(x509.handle); try_ssl_null!(name); - try!(X509Generator::add_name(name, "CN", &self.CN)); + let default=[("CN","rust-openssl")]; + let default_iter=&mut default.iter().map(|&(k,v)|(k,v)); + let arg_iter=&mut self.names.iter().map(|&(ref k,ref v)|(&k[..],&v[..])); + let iter: &mut Iterator = + if self.names.len()==0 { default_iter } else { arg_iter }; + + for (key,val) in iter { + try!(X509Generator::add_name(name, &key, &val)); + } ffi::X509_set_issuer_name(x509.handle, name); for (exttype,ext) in self.extensions.iter() { -- cgit v1.2.3 From f2b0da1de79b0980b851f704d0eb28baaf985fc2 Mon Sep 17 00:00:00 2001 From: Jethro Beekman Date: Sun, 14 Jun 2015 17:25:35 -0700 Subject: Add public add_name method to X509Generator --- openssl/src/x509/mod.rs | 19 ++++++++++++++++--- 1 file changed, 16 insertions(+), 3 deletions(-) (limited to 'openssl/src/x509/mod.rs') diff --git a/openssl/src/x509/mod.rs b/openssl/src/x509/mod.rs index b8114384..f624d7ab 100644 
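Review bot: `set_CN` in the third hunk overwrites `self.names[0]` whatever attribute it holds, so `add_name("O", ...)` followed by `set_CN(...)` silently replaces the organisation value with the common name and no `CN` entry is ever added; the match should look for an existing `CN` key rather than position 0. Searching by key with `position` first also removes the borrow-checker workaround noted in the inline comment, since the index lookup and the push no longer overlap. The `[("CN","rust-openssl")]` fallback in the last hunk means an empty subject cannot be requested, which is reasonable but deserves a one-line comment on the `default` array.
```rust
    pub fn set_CN(mut self, CN: &str) -> X509Generator {
        match self.names.iter().position(|&(ref k, _)| k == "CN") {
            Some(i) => self.names[i].1 = CN.to_string(),
            None => self.names.push(("CN".to_string(), CN.to_string())),
        }
        self
    }
```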
--- a/openssl/src/x509/mod.rs +++ b/openssl/src/x509/mod.rs @@ -184,7 +184,10 @@ impl X509Generator { } #[allow(non_snake_case)] - /// Sets Common Name of certificate + /// (deprecated) Sets Common Name of certificate + /// + /// This function is deprecated, use `X509Generator.add_name` instead. + /// Don't use this function AND the `add_name` method pub fn set_CN(mut self, CN: &str) -> X509Generator { match self.names.get_mut(0) { Some(&mut(_,ref mut val)) => *val=CN.to_string(), @@ -196,6 +199,16 @@ impl X509Generator { self } + /// Add attribute to the name of the certificate + /// + /// ```ignore + /// generator.add_name("CN".to_string(),"example.com".to_string()) + /// ``` + pub fn add_name(mut self, attr_type: String, attr_value: String) -> X509Generator { + self.names.push((attr_type,attr_value)); + self + } + /// (deprecated) Sets what for certificate could be used /// /// This function is deprecated, use `X509Generator.add_extension` instead. @@ -273,7 +286,7 @@ impl X509Generator { } } - fn add_name(name: *mut ffi::X509_NAME, key: &str, value: &str) -> Result<(), SslError> { + fn add_name_internal(name: *mut ffi::X509_NAME, key: &str, value: &str) -> Result<(), SslError> { let value_len = value.len() as c_int; lift_ssl!(unsafe { let key = CString::new(key.as_bytes()).unwrap(); @@ -346,7 +359,7 @@ impl X509Generator { if self.names.len()==0 { default_iter } else { arg_iter }; for (key,val) in iter { - try!(X509Generator::add_name(name, &key, &val)); + try!(X509Generator::add_name_internal(name, &key, &val)); } ffi::X509_set_issuer_name(x509.handle, name); -- cgit v1.2.3 From 1bcbe8f4bc3f06f3e4ac08d060b27c81e42ad68b Mon Sep 17 00:00:00 2001 From: Jethro Beekman Date: Tue, 30 Jun 2015 15:40:36 -0700 Subject: Add X509generator.add_names method --- openssl/src/x509/mod.rs | 11 +++++++++++ 1 file changed, 11 insertions(+) (limited to 'openssl/src/x509/mod.rs') diff --git a/openssl/src/x509/mod.rs b/openssl/src/x509/mod.rs index f624d7ab..717afa65 100644 
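Review bot: `add_name` takes arbitrary caller strings, but `add_name_internal` (renamed further down in this commit) still does `CString::new(key.as_bytes()).unwrap()`, so an `attr_type` containing a NUL byte panics inside `generate()` instead of surfacing as an `SslError`; either reject it when `add_name` is called or replace the `unwrap` with a conversion into the error type `lift_ssl!` already produces, so the library never panics on input. The doc comment should also say what `attr_type` is — presumably an X.509 attribute short or long name such as `CN`, `O`, `OU` as understood by OpenSSL, resolved only when `generate()` runs, so an unknown name fails there rather than in `add_name`; confirm against the FFI call in `add_name_internal`, which lies outside this hunk.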
--- a/openssl/src/x509/mod.rs +++ b/openssl/src/x509/mod.rs @@ -209,6 +209,17 @@ impl X509Generator { self } + /// Add multiple attributes to the name of the certificate + /// + /// ```ignore + /// generator.add_names(vec![("CN".to_string(),"example.com".to_string())]); + /// ``` + pub fn add_names(mut self, attrs: I) -> X509Generator + where I: IntoIterator { + self.names.extend(attrs); + self + } + /// (deprecated) Sets what for certificate could be used /// /// This function is deprecated, use `X509Generator.add_extension` instead. -- cgit v1.2.3 From e3c562d6a04649e97863224a7c32d1130650c755 Mon Sep 17 00:00:00 2001 From: Jethro Beekman Date: Tue, 30 Jun 2015 15:41:20 -0700 Subject: Fix/add more X509generator tests --- openssl/src/x509/mod.rs | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) (limited to 'openssl/src/x509/mod.rs') diff --git a/openssl/src/x509/mod.rs b/openssl/src/x509/mod.rs index 717afa65..67258da5 100644 --- a/openssl/src/x509/mod.rs +++ b/openssl/src/x509/mod.rs @@ -201,8 +201,9 @@ impl X509Generator { /// Add attribute to the name of the certificate /// - /// ```ignore - /// generator.add_name("CN".to_string(),"example.com".to_string()) + /// ``` + /// # let generator = openssl::x509::X509Generator::new(); + /// generator.add_name("CN".to_string(),"example.com".to_string()); /// ``` pub fn add_name(mut self, attr_type: String, attr_value: String) -> X509Generator { self.names.push((attr_type,attr_value)); @@ -211,7 +212,8 @@ impl X509Generator { /// Add multiple attributes to the name of the certificate /// - /// ```ignore + /// ``` + /// # let generator = openssl::x509::X509Generator::new(); /// generator.add_names(vec![("CN".to_string(),"example.com".to_string())]); /// ``` pub fn add_names(mut self, attrs: I) -> X509Generator -- cgit v1.2.3 From 1e4cba36e8f302942df229f53ec5c4f5467d4c7c Mon Sep 17 00:00:00 2001 
From: Jethro Beekman Date: Wed, 8 Jul 2015 11:05:18 -0700 Subject: Add missing C-string conversion, fixing recent build errors --- openssl/src/x509/mod.rs | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) (limited to 'openssl/src/x509/mod.rs') diff --git a/openssl/src/x509/mod.rs b/openssl/src/x509/mod.rs index 67258da5..a5df80f5 100644 --- a/openssl/src/x509/mod.rs +++ b/openssl/src/x509/mod.rs @@ -285,10 +285,13 @@ impl X509Generator { mem::transmute(&ctx), nid as c_int, value.as_ptr() as *mut c_char), - None => ffi::X509V3_EXT_conf(ptr::null_mut(), + None => { + let name=CString::new(exttype.get_name().unwrap().as_bytes()).unwrap(); + ffi::X509V3_EXT_conf(ptr::null_mut(), mem::transmute(&ctx), - exttype.get_name().unwrap().as_ptr() as *mut c_char, - value.as_ptr() as *mut c_char), + name.as_ptr() as *mut c_char, + value.as_ptr() as *mut c_char) + } }; let mut success = false; if ext != ptr::null_mut() { -- cgit v1.2.3 From 90dd54b541cb632ca450e68c88c9f36068a559d5 Mon Sep 17 00:00:00 2001 From: Jethro Beekman Date: Wed, 8 Jul 2015 13:37:35 -0700 Subject: Implement certificate extensions for certificate requests --- openssl/src/x509/mod.rs | 17 +++++++++++++---- 1 file changed, 13 insertions(+), 4 deletions(-) (limited to 'openssl/src/x509/mod.rs') diff --git a/openssl/src/x509/mod.rs b/openssl/src/x509/mod.rs index a5df80f5..91daa66a 100644 --- a/openssl/src/x509/mod.rs +++ b/openssl/src/x509/mod.rs 
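Review bot: The added `CString::new(exttype.get_name().unwrap().as_bytes()).unwrap()` introduces two panics on caller input in library code: an extension name with an interior NUL byte (names now come from the arbitrary-OID path added in the previous commit) aborts the whole `generate()` call instead of returning an `SslError`, and the first `unwrap` assumes a nid-less `ExtensionType` always has a name. Prefer `let name = match CString::new(name) { Ok(n) => n, Err(_) => return Err(/* invalid extension name */) };` with whatever `SslError` variant the crate uses for bad input, plus a `// nid-less ExtensionType variants always carry a name` note if that invariant holds in extension.rs. `as_bytes()` is redundant here since `CString::new` accepts a `&str` directly. The enclosing function continues outside this hunk.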
@@ -396,11 +396,20 @@ impl X509Generator { Err(x) => return Err(x) }; - let hash_fn = self.hash_type.evp_md(); - let req = unsafe { ffi::X509_to_X509_REQ(cert.handle, p_key.get_handle(), hash_fn) }; - try_ssl_null!(req); + unsafe { + let req = ffi::X509_to_X509_REQ(cert.handle, ptr::null_mut(), ptr::null()); + try_ssl_null!(req); + + let exts = ffi::X509_get_extensions(cert.handle); + if exts != ptr::null_mut() { + try_ssl!(ffi::X509_REQ_add_extensions(req,exts)); + } - Ok(X509Req::new(req)) + let hash_fn = self.hash_type.evp_md(); + try_ssl!(ffi::X509_REQ_sign(req, p_key.get_handle(), hash_fn)); + + Ok(X509Req::new(req)) + } } } -- cgit v1.2.3
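Review bot: `req` leaks on the two error paths added here: once `try_ssl_null!(req)` has passed, a failing `X509_REQ_add_extensions` or `X509_REQ_sign` returns through `try_ssl!` without `X509_REQ_free`, because `X509Req::new(req)` — which presumably owns and frees the handle — is only reached on success. Wrap it right after the null check, `let req = X509Req::new(req);`, then use `req.handle` (assuming `X509Req` exposes its pointer as `X509` does) in the two later calls and finish with `Ok(req)`, so the early returns drop it. `X509_get_extensions` returns the certificate's own extension stack rather than a copy, so not freeing `exts` is correct, but a `// borrowed from cert, not owned here` comment would keep a future cleanup from adding a free. That `X509_REQ_add_extensions` copies the stack into the request's attribute set, so dropping `cert` afterwards is safe, is an OpenSSL detail worth confirming against the version the crate binds.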