/rust/registry/src/index.crates.io-1949cf8c6b5b557f/openssl-0.10.62/src/x509/extension.rs
Line | Count | Source |
1 | | //! Add extensions to an `X509` certificate or certificate request. |
2 | | //! |
3 | | //! The extensions defined for X.509 v3 certificates provide methods for |
4 | | //! associating additional attributes with users or public keys and for |
5 | | //! managing relationships between CAs. The extensions created using this |
6 | | //! module can be used with `X509v3Context` objects. |
7 | | //! |
8 | | //! # Example |
9 | | //! |
10 | | //! ```rust |
11 | | //! use openssl::x509::extension::BasicConstraints; |
12 | | //! use openssl::x509::X509Extension; |
13 | | //! |
14 | | //! let mut bc = BasicConstraints::new(); |
15 | | //! let bc = bc.critical().ca().pathlen(1); |
16 | | //! |
17 | | //! let extension: X509Extension = bc.build().unwrap(); |
18 | | //! ``` |
19 | | use std::fmt::Write; |
20 | | |
21 | | use crate::asn1::Asn1Object; |
22 | | use crate::error::ErrorStack; |
23 | | use crate::nid::Nid; |
24 | | use crate::x509::{GeneralName, Stack, X509Extension, X509v3Context}; |
25 | | use foreign_types::ForeignType; |
26 | | |
27 | | /// An extension which indicates whether a certificate is a CA certificate. |
28 | | pub struct BasicConstraints { |
29 | | critical: bool, |
30 | | ca: bool, |
31 | | pathlen: Option<u32>, |
32 | | } |
33 | | |
34 | | impl Default for BasicConstraints { |
35 | 0 | fn default() -> BasicConstraints { |
36 | 0 | BasicConstraints::new() |
37 | 0 | } |
38 | | } |
39 | | |
40 | | impl BasicConstraints { |
41 | | /// Construct a new `BasicConstraints` extension. |
42 | 0 | pub fn new() -> BasicConstraints { |
43 | 0 | BasicConstraints { |
44 | 0 | critical: false, |
45 | 0 | ca: false, |
46 | 0 | pathlen: None, |
47 | 0 | } |
48 | 0 | } |
49 | | |
50 | | /// Sets the `critical` flag to `true`. The extension will be critical. |
51 | 0 | pub fn critical(&mut self) -> &mut BasicConstraints { |
52 | 0 | self.critical = true; |
53 | 0 | self |
54 | 0 | } |
55 | | |
56 | | /// Sets the `ca` flag to `true`. |
57 | 0 | pub fn ca(&mut self) -> &mut BasicConstraints { |
58 | 0 | self.ca = true; |
59 | 0 | self |
60 | 0 | } |
61 | | |
62 | | /// Sets the `pathlen` to an optional non-negative value. The `pathlen` is the |
63 | | /// maximum number of CAs that can appear below this one in a chain. |
64 | 0 | pub fn pathlen(&mut self, pathlen: u32) -> &mut BasicConstraints { |
65 | 0 | self.pathlen = Some(pathlen); |
66 | 0 | self |
67 | 0 | } |
68 | | |
69 | | /// Return the `BasicConstraints` extension as an `X509Extension`. |
70 | | // Temporarily silence the deprecation warning - this should be ported to |
71 | | // `X509Extension::new_internal`. |
72 | | #[allow(deprecated)] |
73 | 0 | pub fn build(&self) -> Result<X509Extension, ErrorStack> { |
74 | 0 | let mut value = String::new(); |
75 | 0 | if self.critical { |
76 | 0 | value.push_str("critical,"); |
77 | 0 | } |
78 | 0 | value.push_str("CA:"); |
79 | 0 | if self.ca { |
80 | 0 | value.push_str("TRUE"); |
81 | 0 | } else { |
82 | 0 | value.push_str("FALSE"); |
83 | 0 | } |
84 | 0 | if let Some(pathlen) = self.pathlen { |
85 | 0 | write!(value, ",pathlen:{}", pathlen).unwrap(); |
86 | 0 | } |
87 | 0 | X509Extension::new_nid(None, None, Nid::BASIC_CONSTRAINTS, &value) |
88 | 0 | } |
89 | | } |
90 | | |
91 | | /// An extension consisting of a list of names of the permitted key usages. |
92 | | pub struct KeyUsage { |
93 | | critical: bool, |
94 | | digital_signature: bool, |
95 | | non_repudiation: bool, |
96 | | key_encipherment: bool, |
97 | | data_encipherment: bool, |
98 | | key_agreement: bool, |
99 | | key_cert_sign: bool, |
100 | | crl_sign: bool, |
101 | | encipher_only: bool, |
102 | | decipher_only: bool, |
103 | | } |
104 | | |
105 | | impl Default for KeyUsage { |
106 | 0 | fn default() -> KeyUsage { |
107 | 0 | KeyUsage::new() |
108 | 0 | } |
109 | | } |
110 | | |
111 | | impl KeyUsage { |
112 | | /// Construct a new `KeyUsage` extension. |
113 | 0 | pub fn new() -> KeyUsage { |
114 | 0 | KeyUsage { |
115 | 0 | critical: false, |
116 | 0 | digital_signature: false, |
117 | 0 | non_repudiation: false, |
118 | 0 | key_encipherment: false, |
119 | 0 | data_encipherment: false, |
120 | 0 | key_agreement: false, |
121 | 0 | key_cert_sign: false, |
122 | 0 | crl_sign: false, |
123 | 0 | encipher_only: false, |
124 | 0 | decipher_only: false, |
125 | 0 | } |
126 | 0 | } |
127 | | |
128 | | /// Sets the `critical` flag to `true`. The extension will be critical. |
129 | 0 | pub fn critical(&mut self) -> &mut KeyUsage { |
130 | 0 | self.critical = true; |
131 | 0 | self |
132 | 0 | } |
133 | | |
134 | | /// Sets the `digitalSignature` flag to `true`. |
135 | 0 | pub fn digital_signature(&mut self) -> &mut KeyUsage { |
136 | 0 | self.digital_signature = true; |
137 | 0 | self |
138 | 0 | } |
139 | | |
140 | | /// Sets the `nonRepudiation` flag to `true`. |
141 | 0 | pub fn non_repudiation(&mut self) -> &mut KeyUsage { |
142 | 0 | self.non_repudiation = true; |
143 | 0 | self |
144 | 0 | } |
145 | | |
146 | | /// Sets the `keyEncipherment` flag to `true`. |
147 | 0 | pub fn key_encipherment(&mut self) -> &mut KeyUsage { |
148 | 0 | self.key_encipherment = true; |
149 | 0 | self |
150 | 0 | } |
151 | | |
152 | | /// Sets the `dataEncipherment` flag to `true`. |
153 | 0 | pub fn data_encipherment(&mut self) -> &mut KeyUsage { |
154 | 0 | self.data_encipherment = true; |
155 | 0 | self |
156 | 0 | } |
157 | | |
158 | | /// Sets the `keyAgreement` flag to `true`. |
159 | 0 | pub fn key_agreement(&mut self) -> &mut KeyUsage { |
160 | 0 | self.key_agreement = true; |
161 | 0 | self |
162 | 0 | } |
163 | | |
164 | | /// Sets the `keyCertSign` flag to `true`. |
165 | 0 | pub fn key_cert_sign(&mut self) -> &mut KeyUsage { |
166 | 0 | self.key_cert_sign = true; |
167 | 0 | self |
168 | 0 | } |
169 | | |
170 | | /// Sets the `cRLSign` flag to `true`. |
171 | 0 | pub fn crl_sign(&mut self) -> &mut KeyUsage { |
172 | 0 | self.crl_sign = true; |
173 | 0 | self |
174 | 0 | } |
175 | | |
176 | | /// Sets the `encipherOnly` flag to `true`. |
177 | 0 | pub fn encipher_only(&mut self) -> &mut KeyUsage { |
178 | 0 | self.encipher_only = true; |
179 | 0 | self |
180 | 0 | } |
181 | | |
182 | | /// Sets the `decipherOnly` flag to `true`. |
183 | 0 | pub fn decipher_only(&mut self) -> &mut KeyUsage { |
184 | 0 | self.decipher_only = true; |
185 | 0 | self |
186 | 0 | } |
187 | | |
188 | | /// Return the `KeyUsage` extension as an `X509Extension`. |
189 | | // Temporarily silence the deprecation warning - this should be ported to |
190 | | // `X509Extension::new_internal`. |
191 | | #[allow(deprecated)] |
192 | 0 | pub fn build(&self) -> Result<X509Extension, ErrorStack> { |
193 | 0 | let mut value = String::new(); |
194 | 0 | let mut first = true; |
195 | 0 | append(&mut value, &mut first, self.critical, "critical"); |
196 | 0 | append( |
197 | 0 | &mut value, |
198 | 0 | &mut first, |
199 | 0 | self.digital_signature, |
200 | 0 | "digitalSignature", |
201 | | ); |
202 | 0 | append( |
203 | 0 | &mut value, |
204 | 0 | &mut first, |
205 | 0 | self.non_repudiation, |
206 | 0 | "nonRepudiation", |
207 | | ); |
208 | 0 | append( |
209 | 0 | &mut value, |
210 | 0 | &mut first, |
211 | 0 | self.key_encipherment, |
212 | 0 | "keyEncipherment", |
213 | | ); |
214 | 0 | append( |
215 | 0 | &mut value, |
216 | 0 | &mut first, |
217 | 0 | self.data_encipherment, |
218 | 0 | "dataEncipherment", |
219 | | ); |
220 | 0 | append(&mut value, &mut first, self.key_agreement, "keyAgreement"); |
221 | 0 | append(&mut value, &mut first, self.key_cert_sign, "keyCertSign"); |
222 | 0 | append(&mut value, &mut first, self.crl_sign, "cRLSign"); |
223 | 0 | append(&mut value, &mut first, self.encipher_only, "encipherOnly"); |
224 | 0 | append(&mut value, &mut first, self.decipher_only, "decipherOnly"); |
225 | 0 | X509Extension::new_nid(None, None, Nid::KEY_USAGE, &value) |
226 | 0 | } |
227 | | } |
228 | | |
229 | | /// An extension consisting of a list of usages indicating purposes |
230 | | /// for which the certificate public key can be used for. |
231 | | pub struct ExtendedKeyUsage { |
232 | | critical: bool, |
233 | | items: Vec<String>, |
234 | | } |
235 | | |
236 | | impl Default for ExtendedKeyUsage { |
237 | 0 | fn default() -> ExtendedKeyUsage { |
238 | 0 | ExtendedKeyUsage::new() |
239 | 0 | } |
240 | | } |
241 | | |
242 | | impl ExtendedKeyUsage { |
243 | | /// Construct a new `ExtendedKeyUsage` extension. |
244 | 0 | pub fn new() -> ExtendedKeyUsage { |
245 | 0 | ExtendedKeyUsage { |
246 | 0 | critical: false, |
247 | 0 | items: vec![], |
248 | 0 | } |
249 | 0 | } |
250 | | |
251 | | /// Sets the `critical` flag to `true`. The extension will be critical. |
252 | 0 | pub fn critical(&mut self) -> &mut ExtendedKeyUsage { |
253 | 0 | self.critical = true; |
254 | 0 | self |
255 | 0 | } |
256 | | |
257 | | /// Sets the `serverAuth` flag to `true`. |
258 | 0 | pub fn server_auth(&mut self) -> &mut ExtendedKeyUsage { |
259 | 0 | self.other("serverAuth") |
260 | 0 | } |
261 | | |
262 | | /// Sets the `clientAuth` flag to `true`. |
263 | 0 | pub fn client_auth(&mut self) -> &mut ExtendedKeyUsage { |
264 | 0 | self.other("clientAuth") |
265 | 0 | } |
266 | | |
267 | | /// Sets the `codeSigning` flag to `true`. |
268 | 0 | pub fn code_signing(&mut self) -> &mut ExtendedKeyUsage { |
269 | 0 | self.other("codeSigning") |
270 | 0 | } |
271 | | |
272 | | /// Sets the `emailProtection` flag to `true`. |
273 | 0 | pub fn email_protection(&mut self) -> &mut ExtendedKeyUsage { |
274 | 0 | self.other("emailProtection") |
275 | 0 | } |
276 | | |
277 | | /// Sets the `timeStamping` flag to `true`. |
278 | 0 | pub fn time_stamping(&mut self) -> &mut ExtendedKeyUsage { |
279 | 0 | self.other("timeStamping") |
280 | 0 | } |
281 | | |
282 | | /// Sets the `msCodeInd` flag to `true`. |
283 | 0 | pub fn ms_code_ind(&mut self) -> &mut ExtendedKeyUsage { |
284 | 0 | self.other("msCodeInd") |
285 | 0 | } |
286 | | |
287 | | /// Sets the `msCodeCom` flag to `true`. |
288 | 0 | pub fn ms_code_com(&mut self) -> &mut ExtendedKeyUsage { |
289 | 0 | self.other("msCodeCom") |
290 | 0 | } |
291 | | |
292 | | /// Sets the `msCTLSign` flag to `true`. |
293 | 0 | pub fn ms_ctl_sign(&mut self) -> &mut ExtendedKeyUsage { |
294 | 0 | self.other("msCTLSign") |
295 | 0 | } |
296 | | |
297 | | /// Sets the `msSGC` flag to `true`. |
298 | 0 | pub fn ms_sgc(&mut self) -> &mut ExtendedKeyUsage { |
299 | 0 | self.other("msSGC") |
300 | 0 | } |
301 | | |
302 | | /// Sets the `msEFS` flag to `true`. |
303 | 0 | pub fn ms_efs(&mut self) -> &mut ExtendedKeyUsage { |
304 | 0 | self.other("msEFS") |
305 | 0 | } |
306 | | |
307 | | /// Sets the `nsSGC` flag to `true`. |
308 | 0 | pub fn ns_sgc(&mut self) -> &mut ExtendedKeyUsage { |
309 | 0 | self.other("nsSGC") |
310 | 0 | } |
311 | | |
312 | | /// Sets a flag not already defined. |
313 | 0 | pub fn other(&mut self, other: &str) -> &mut ExtendedKeyUsage { |
314 | 0 | self.items.push(other.to_string()); |
315 | 0 | self |
316 | 0 | } |
317 | | |
318 | | /// Return the `ExtendedKeyUsage` extension as an `X509Extension`. |
319 | 0 | pub fn build(&self) -> Result<X509Extension, ErrorStack> { |
320 | 0 | let mut stack = Stack::new()?; |
321 | 0 | for item in &self.items { |
322 | 0 | stack.push(Asn1Object::from_str(item)?)?; |
323 | | } |
324 | | unsafe { |
325 | 0 | X509Extension::new_internal(Nid::EXT_KEY_USAGE, self.critical, stack.as_ptr().cast()) |
326 | | } |
327 | 0 | } |
328 | | } |
329 | | |
330 | | /// An extension that provides a means of identifying certificates that contain a |
331 | | /// particular public key. |
332 | | pub struct SubjectKeyIdentifier { |
333 | | critical: bool, |
334 | | } |
335 | | |
336 | | impl Default for SubjectKeyIdentifier { |
337 | 0 | fn default() -> SubjectKeyIdentifier { |
338 | 0 | SubjectKeyIdentifier::new() |
339 | 0 | } |
340 | | } |
341 | | |
342 | | impl SubjectKeyIdentifier { |
343 | | /// Construct a new `SubjectKeyIdentifier` extension. |
344 | 0 | pub fn new() -> SubjectKeyIdentifier { |
345 | 0 | SubjectKeyIdentifier { critical: false } |
346 | 0 | } |
347 | | |
348 | | /// Sets the `critical` flag to `true`. The extension will be critical. |
349 | 0 | pub fn critical(&mut self) -> &mut SubjectKeyIdentifier { |
350 | 0 | self.critical = true; |
351 | 0 | self |
352 | 0 | } |
353 | | |
354 | | /// Return a `SubjectKeyIdentifier` extension as an `X509Extension`. |
355 | | // Temporarily silence the deprecation warning - this should be ported to |
356 | | // `X509Extension::new_internal`. |
357 | | #[allow(deprecated)] |
358 | 0 | pub fn build(&self, ctx: &X509v3Context<'_>) -> Result<X509Extension, ErrorStack> { |
359 | 0 | let mut value = String::new(); |
360 | 0 | let mut first = true; |
361 | 0 | append(&mut value, &mut first, self.critical, "critical"); |
362 | 0 | append(&mut value, &mut first, true, "hash"); |
363 | 0 | X509Extension::new_nid(None, Some(ctx), Nid::SUBJECT_KEY_IDENTIFIER, &value) |
364 | 0 | } |
365 | | } |
366 | | |
367 | | /// An extension that provides a means of identifying the public key corresponding |
368 | | /// to the private key used to sign a CRL. |
369 | | pub struct AuthorityKeyIdentifier { |
370 | | critical: bool, |
371 | | keyid: Option<bool>, |
372 | | issuer: Option<bool>, |
373 | | } |
374 | | |
375 | | impl Default for AuthorityKeyIdentifier { |
376 | 0 | fn default() -> AuthorityKeyIdentifier { |
377 | 0 | AuthorityKeyIdentifier::new() |
378 | 0 | } |
379 | | } |
380 | | |
381 | | impl AuthorityKeyIdentifier { |
382 | | /// Construct a new `AuthorityKeyIdentifier` extension. |
383 | 0 | pub fn new() -> AuthorityKeyIdentifier { |
384 | 0 | AuthorityKeyIdentifier { |
385 | 0 | critical: false, |
386 | 0 | keyid: None, |
387 | 0 | issuer: None, |
388 | 0 | } |
389 | 0 | } |
390 | | |
391 | | /// Sets the `critical` flag to `true`. The extension will be critical. |
392 | 0 | pub fn critical(&mut self) -> &mut AuthorityKeyIdentifier { |
393 | 0 | self.critical = true; |
394 | 0 | self |
395 | 0 | } |
396 | | |
397 | | /// Sets the `keyid` flag. |
398 | 0 | pub fn keyid(&mut self, always: bool) -> &mut AuthorityKeyIdentifier { |
399 | 0 | self.keyid = Some(always); |
400 | 0 | self |
401 | 0 | } |
402 | | |
403 | | /// Sets the `issuer` flag. |
404 | 0 | pub fn issuer(&mut self, always: bool) -> &mut AuthorityKeyIdentifier { |
405 | 0 | self.issuer = Some(always); |
406 | 0 | self |
407 | 0 | } |
408 | | |
409 | | /// Return a `AuthorityKeyIdentifier` extension as an `X509Extension`. |
410 | | // Temporarily silence the deprecation warning - this should be ported to |
411 | | // `X509Extension::new_internal`. |
412 | | #[allow(deprecated)] |
413 | 0 | pub fn build(&self, ctx: &X509v3Context<'_>) -> Result<X509Extension, ErrorStack> { |
414 | 0 | let mut value = String::new(); |
415 | 0 | let mut first = true; |
416 | 0 | append(&mut value, &mut first, self.critical, "critical"); |
417 | 0 | match self.keyid { |
418 | 0 | Some(true) => append(&mut value, &mut first, true, "keyid:always"), |
419 | 0 | Some(false) => append(&mut value, &mut first, true, "keyid"), |
420 | 0 | None => {} |
421 | | } |
422 | 0 | match self.issuer { |
423 | 0 | Some(true) => append(&mut value, &mut first, true, "issuer:always"), |
424 | 0 | Some(false) => append(&mut value, &mut first, true, "issuer"), |
425 | 0 | None => {} |
426 | | } |
427 | 0 | X509Extension::new_nid(None, Some(ctx), Nid::AUTHORITY_KEY_IDENTIFIER, &value) |
428 | 0 | } |
429 | | } |
430 | | |
431 | | enum RustGeneralName { |
432 | | Dns(String), |
433 | | Email(String), |
434 | | Uri(String), |
435 | | Ip(String), |
436 | | Rid(String), |
437 | | OtherName(Asn1Object, Vec<u8>), |
438 | | } |
439 | | |
440 | | /// An extension that allows additional identities to be bound to the subject |
441 | | /// of the certificate. |
442 | | pub struct SubjectAlternativeName { |
443 | | critical: bool, |
444 | | items: Vec<RustGeneralName>, |
445 | | } |
446 | | |
447 | | impl Default for SubjectAlternativeName { |
448 | 0 | fn default() -> SubjectAlternativeName { |
449 | 0 | SubjectAlternativeName::new() |
450 | 0 | } |
451 | | } |
452 | | |
453 | | impl SubjectAlternativeName { |
454 | | /// Construct a new `SubjectAlternativeName` extension. |
455 | 0 | pub fn new() -> SubjectAlternativeName { |
456 | 0 | SubjectAlternativeName { |
457 | 0 | critical: false, |
458 | 0 | items: vec![], |
459 | 0 | } |
460 | 0 | } |
461 | | |
462 | | /// Sets the `critical` flag to `true`. The extension will be critical. |
463 | 0 | pub fn critical(&mut self) -> &mut SubjectAlternativeName { |
464 | 0 | self.critical = true; |
465 | 0 | self |
466 | 0 | } |
467 | | |
468 | | /// Sets the `email` flag. |
469 | 0 | pub fn email(&mut self, email: &str) -> &mut SubjectAlternativeName { |
470 | 0 | self.items.push(RustGeneralName::Email(email.to_string())); |
471 | 0 | self |
472 | 0 | } |
473 | | |
474 | | /// Sets the `uri` flag. |
475 | 0 | pub fn uri(&mut self, uri: &str) -> &mut SubjectAlternativeName { |
476 | 0 | self.items.push(RustGeneralName::Uri(uri.to_string())); |
477 | 0 | self |
478 | 0 | } |
479 | | |
480 | | /// Sets the `dns` flag. |
481 | 0 | pub fn dns(&mut self, dns: &str) -> &mut SubjectAlternativeName { |
482 | 0 | self.items.push(RustGeneralName::Dns(dns.to_string())); |
483 | 0 | self |
484 | 0 | } |
485 | | |
486 | | /// Sets the `rid` flag. |
487 | 0 | pub fn rid(&mut self, rid: &str) -> &mut SubjectAlternativeName { |
488 | 0 | self.items.push(RustGeneralName::Rid(rid.to_string())); |
489 | 0 | self |
490 | 0 | } |
491 | | |
492 | | /// Sets the `ip` flag. |
493 | 0 | pub fn ip(&mut self, ip: &str) -> &mut SubjectAlternativeName { |
494 | 0 | self.items.push(RustGeneralName::Ip(ip.to_string())); |
495 | 0 | self |
496 | 0 | } |
497 | | |
498 | | /// Sets the `dirName` flag. |
499 | | /// |
500 | | /// Not currently actually supported, always panics. |
501 | | #[deprecated = "dir_name is deprecated and always panics. Please file a bug if you have a use case for this."] |
502 | 0 | pub fn dir_name(&mut self, _dir_name: &str) -> &mut SubjectAlternativeName { |
503 | 0 | unimplemented!( |
504 | | "This has not yet been adapted for the new internals. File a bug if you need this." |
505 | | ); |
506 | | } |
507 | | |
508 | | /// Sets the `otherName` flag. |
509 | | /// |
510 | | /// Not currently actually supported, always panics. Please use other_name2 |
511 | | #[deprecated = "other_name is deprecated and always panics. Please use other_name2."] |
512 | 0 | pub fn other_name(&mut self, _other_name: &str) -> &mut SubjectAlternativeName { |
513 | 0 | unimplemented!("This has not yet been adapted for the new internals. Use other_name2."); |
514 | | } |
515 | | |
516 | | /// Sets the `otherName` flag. |
517 | | /// |
518 | | /// `content` must be a valid der encoded ASN1_TYPE |
519 | | /// |
520 | | /// If you want to add just a ia5string use `other_name_ia5string` |
521 | 0 | pub fn other_name2(&mut self, oid: Asn1Object, content: &[u8]) -> &mut SubjectAlternativeName { |
522 | 0 | self.items |
523 | 0 | .push(RustGeneralName::OtherName(oid, content.into())); |
524 | 0 | self |
525 | 0 | } |
526 | | |
527 | | /// Return a `SubjectAlternativeName` extension as an `X509Extension`. |
528 | 0 | pub fn build(&self, _ctx: &X509v3Context<'_>) -> Result<X509Extension, ErrorStack> { |
529 | 0 | let mut stack = Stack::new()?; |
530 | 0 | for item in &self.items { |
531 | 0 | let gn = match item { |
532 | 0 | RustGeneralName::Dns(s) => GeneralName::new_dns(s.as_bytes())?, |
533 | 0 | RustGeneralName::Email(s) => GeneralName::new_email(s.as_bytes())?, |
534 | 0 | RustGeneralName::Uri(s) => GeneralName::new_uri(s.as_bytes())?, |
535 | 0 | RustGeneralName::Ip(s) => { |
536 | 0 | GeneralName::new_ip(s.parse().map_err(|_| ErrorStack::get())?)? |
537 | | } |
538 | 0 | RustGeneralName::Rid(s) => GeneralName::new_rid(Asn1Object::from_str(s)?)?, |
539 | 0 | RustGeneralName::OtherName(oid, content) => { |
540 | 0 | GeneralName::new_other_name(oid.clone(), content)? |
541 | | } |
542 | | }; |
543 | 0 | stack.push(gn)?; |
544 | | } |
545 | | |
546 | | unsafe { |
547 | 0 | X509Extension::new_internal(Nid::SUBJECT_ALT_NAME, self.critical, stack.as_ptr().cast()) |
548 | | } |
549 | 0 | } |
550 | | } |
551 | | |
552 | 0 | fn append(value: &mut String, first: &mut bool, should: bool, element: &str) { |
553 | 0 | if !should { |
554 | 0 | return; |
555 | 0 | } |
556 | | |
557 | 0 | if !*first { |
558 | 0 | value.push(','); |
559 | 0 | } |
560 | 0 | *first = false; |
561 | 0 | value.push_str(element); |
562 | 0 | } |