-
Notifications
You must be signed in to change notification settings - Fork 136
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
x509-ocsp/remove lifetimes and implement AsExtension #1241
x509-ocsp/remove lifetimes and implement AsExtension #1241
Conversation
This looks great at first glance! Can do a more in-depth review later |
x509-ocsp/src/ext.rs
Outdated
|
||
/// Trait to be implemented by extensions to allow them to be formated for x509 OCSP | ||
/// requests/responses. | ||
pub trait AsExtension: AssociatedOid + der::Encode { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is there a reason we can't pull x509_cert::ext::AsExtension
?
Besides the const
that looks very similar.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It can be used. The extra subject/extensions arguments for judging criticality didn't seem relevant at all to OCSP though.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yeah, that doesn't creep in the signer itself and it stays in the builder
. Not a big deal.
Up to you :)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If we change x509_cert::ext::AsExtension
to accept subject as Option<&Name>
, it'd be easier. Otherwise, I think I'd have to build an empty Name
just to ignore it later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
or a Name::default()
:D
This version reorganizes x509-ocsp into separate files for readability and makes use of alloc to remove lifetimes. It also implements an OCSP version of AsExtension for all possible Extensions outlined in RFC-6960 (in a similar fashion to x509-cert) to be used in a future builder. Optional rand_core feature for generating nonces.