wip: refactoring extension handling #164
Commits on Dec 10, 2023
Commit e5bb524
ext: introduce module for X.509 extension handling
This commit creates a new crate-internal module, `ext`, for managing X.509 extensions. In this commit we wire up emitting extensions managed by this module, but do not yet convert any existing extensions to the new arrangement. This will begin in subsequent commits.

This adds a dedicated `Extensions` struct and `Extension` trait that handle:

* tracking extensions maintaining insertion order.
* ensuring the invariant that we never add more than one instance of the same extension OID.
* writing the DER encoded SEQUENCE of extensions.
* writing each DER encoded extension SEQUENCE - including the OID, criticality, and value.

The `Extension` trait allows common operations across all extensions like:

* getting the ext OID.
* getting the criticality (using a new `Criticality` enum).
* getting the raw DER value.
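The arrangement this commit message describes, as an added sketch that is not the project's own `ext` module: `Raw`, `tlv`, `add` and `to_der` are hypothetical names, OIDs are passed as pre-encoded DER content bytes, and the key usage value in `main` is constructed sample data.

```rust
// Added illustration, not the project's `ext` module; method names are hypothetical.
#[derive(Clone, Copy, PartialEq)]
pub enum Criticality { Critical, NonCritical }
pub trait Extension {
    fn oid(&self) -> &[u8]; // assumption: OID as pre-encoded DER content bytes
    fn criticality(&self) -> Criticality;
    fn der_value(&self) -> Vec<u8>; // DER of the extension's inner value
}
pub struct Raw(pub &'static [u8], pub Criticality, pub Vec<u8>); // constructed stand-in
impl Extension for Raw {
    fn oid(&self) -> &[u8] { self.0 }
    fn criticality(&self) -> Criticality { self.1 }
    fn der_value(&self) -> Vec<u8> { self.2.clone() }
}

// DER tag-length-value with a definite length (short or long form).
fn tlv(tag: u8, body: &[u8]) -> Vec<u8> {
    let len = body.len().to_be_bytes();
    let skip = len.iter().take_while(|b| **b == 0).count().min(len.len() - 1);
    let mut out = vec![tag];
    if body.len() >= 0x80 { out.push(0x80 | (len.len() - skip) as u8); } // long form prefix
    out.extend_from_slice(&len[skip..]);
    out.extend_from_slice(body);
    out
}
#[derive(Default)]
pub struct Extensions(Vec<Box<dyn Extension>>); // Vec preserves insertion order
impl Extensions {
    pub fn add(&mut self, ext: Box<dyn Extension>) -> Result<(), &'static str> {
        if self.0.iter().any(|e| e.oid() == ext.oid()) { return Err("duplicate extension OID"); }
        self.0.push(ext);
        Ok(())
    }
    pub fn to_der(&self) -> Vec<u8> {
        let mut seq = Vec::new();
        for e in &self.0 {
            let mut ext = tlv(0x06, e.oid()); // extnID
            if e.criticality() == Criticality::Critical { ext.extend(tlv(0x01, &[0xFF])); } // DEFAULT FALSE is omitted
            ext.extend(tlv(0x04, &e.der_value())); // extnValue wrapped in an OCTET STRING
            seq.extend(tlv(0x30, &ext)); // one Extension SEQUENCE
        }
        tlv(0x30, &seq) // SEQUENCE OF Extension
    }
}

fn main() {
    let mut exts = Extensions::default();
    exts.add(Box::new(Raw(&[0x55, 0x1D, 0x0F], Criticality::Critical, vec![3, 2, 5, 0xA0]))).unwrap();
    println!("{:02x?}", exts.to_der());
}
```

Rejecting the second insert, rather than overwriting or appending, is what keeps a certificate from carrying two extensions with the same OID, which RFC 5280 forbids.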
Commit e8f2721
ext: implement authority key identifier.
This commit lifts the authority key identifier extension into the `ext` module.
Commit 1948f6a
ext: implement subject alternative name.
This commit lifts the subject alternative name extension into the `ext` module. It additionally ensures we never write an empty SAN extension, if the `CertificateParams` contain an empty vec of SAN names. For the time being SAN extensions are always written as non-critical, but the required plumbing to handle the RFC5280 guidance on SAN ext criticality is added for follow-up adjustment.
Commit 6a3359d
This commit lifts the key usage extension into the `ext` module.
Commit 063482e
wip: extended key usage (and some CSR fixes)
TODO: Split out the non-eku related bits. This commit lifts the extended key usage extension into the `ext` module.
Commit fecc1ed
Commit 33c1977
ext: implement name constraints
This commit lifts the name constraints extension into the `ext` module.
Commit 559dc09
Commit 56e3c3c
Commit e5bcd11
ext: implement CRL distribution points
This commit lifts the CRL distribution points extension into the `ext` module.
Commit 5ab3d94
Commit 2841368
Commit 6b9e715
ext: implement subject key ID, specifying SKI
This commit lifts the subject key identifier extension into the `ext` module. Diverging from the existing code we now adhere to the RFC 5280 advice and always emit the SKI extension when generating a certificate. Previously this was only done if the basic constraints specified `IsCa::Ca` or `IsCa::ExplicitNoCa`, but not when using `IsCa::NoCa`.
Commit a447dc6
ext: implement basic constraints
This commit lifts the basic constraints extension into the `ext` module.
Commit d310765
ext: implement custom extensions
This commit lifts the custom extension handling into the `ext` module.
Commit 9e9caf6
Commit 0369073
Commit 2d0b890
ext: implement crl number extension
This commit lifts the CRL number extension handling into the `ext` module.
Commit dbc3d36
ext: implement issuing distribution point extension
This commit lifts the CRL issuing distribution point extension handling into the `ext` module.
Commit f0548fa
Commit 0c96153
Commit a50d976
Commit 5d95594
ext: implement reason code extension
This commit lifts the CRL entry reason code extension handling into the `ext` module.
Commit 199d604
ext: implement invalidity date extension
This commit lifts the CRL entry invalidity date extension into the `ext` module. There are no longer any references to the lib.rs `write_x509_extension` helper, so it is also removed.
Commit 0287f54
crl: use Extensions to write DER
Now that all of the CRL entry extensions have been migrated to `Extensions` we can let that type write the `SEQUENCE` and extension values. There are no longer any callers to `Extensions.iter()` so we remove that fn.
Commit 006bf28
Commit 98c020f
Commit 973271c
Commit 0225a26