Add reading X509 certificate extensions #2032

Open
wants to merge 3 commits into
base: master

@wiktor-k wiktor-k commented Aug 30, 2023

Hi 👋

This PR adds `X509::get_ext_by_{nid,obj}` functions for retrieving extensions out of X509 certificates, as well as an `X509Extension::data` function for reading the actual value.

I've also added a test fixture - a certificate with an extension to be read.

I've made it into a single function that reads the first extension with the given Nid (OID), but I'm open to suggestions if I should split them into two functions. (The current approach allows reading only the first extension with the given Nid, but it's sufficient for my needs.)

unsafe {
let loc = ffi::X509_get_ext_by_NID(self.as_ptr(), nid.as_raw(), -1);
Ok(if loc >= 0 {
Some(X509ExtensionRef::from_ptr(cvt_p(ffi::X509_get_ext(
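Review bot: The `-1` passed as the last argument of `ffi::X509_get_ext_by_NID` is hard-coded, so a caller can only ever reach the first extension with a given NID; either take a start-position parameter so repeated extensions can be iterated, or state the first-match-only behaviour in the doc comment. On the `cvt_p(ffi::X509_get_ext(` line, the `loc >= 0` guard already handles the not-found case, so the `Result` in the signature exists only for a null returned at an index that was just looked up; please add a comment saying when that can happen, or map null to `None` and drop the `Result`.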

I'm kind of not sure if `cvt_p` is necessary here or whether a returned null pointer can just be converted into `None` (that'd remove the `Result` from the function signature, making it simpler). The docs don't seem to be conclusive on this matter: X509_get_ext :/

@wiktor-k

Sorry for disrupting, but I was wondering if there's anything that prevents this PR from being merged? I'm planning to read extensions produced by Yubico and would appreciate a review.

Thank you for your time! 🙏

@wiktor-k

Ping @alex. I hope you don't mind :)

This function allows reading extension data bytes.

This function allows retrieving extensions from X509 certificates using NID objects.

This function allows retrieving extensions from X509 certificates using ASN1 Object IDs.

@wiktor-k

@sfackler is there anything preventing this from being merged? Thanks! 👋
