A functional rustls-cert-gen with basic parameters. #190
Conversation
Thanks! Here's another round of feedback
a8b1b9e to 34c6919
I think I have addressed everything in that round.
Thank you! I will do another pass in the next day or two.
42fc2a5 to 2ab513c
Sorry for the delay getting this another review. I only have small nits to flag. I think there's likely good future work (like supporting a way to override the validity period), but I'm leaning towards trying to land this ASAP and iterating from there.
608ddd4 to 690fa6b
Yes, I also thought of the validity periods. I'm sure there are a few more features that could be added. But my preference is also to finish this first bit. Then it should be much easier to review smaller future PRs that target specific features/enhancements.
I believe the latest review comments have been addressed.
Thanks!
I have a few minor nits (hope these are not contradicting any earlier feedback), this looks good to me!
pem = { workspace = true, optional = true }
time = { version = "0.3.6", default-features = false }
x509-parser = { version = "0.15", features = ["verify"], optional = true }
x509-parser = { workspace = true, features = ["verify"], optional = true }
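Review bot: the `time` line in this snippet still pins `version = "0.3.6"` inline while `pem` and the new `x509-parser` line use `workspace = true`; if the intent is to keep versions in the workspace, move `time` there as well so there is a single place to look when bumping dependencies.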
Personally I would prefer specifying all dependency versions at the workspace level, because otherwise it's not very clear when adding a dependency where to look.
params.distinguished_name = DistinguishedName::new();
Self { params }
}
/// Set signature algorithm (instead of default).
Please add empty lines between all the methods.
}
}

/// Builder to configure TLS [CertificateParams] to be finalized
I think usually we link names with both backticks and brackets, like [`CertificateParams`].
self.params.key_pair = Some(keypair);
Ok(self)
}
/// Set options for Ca Certificates
Should probably be [`Ca`], let's not capitalize "Certificates" here?
use std::{fmt, fs::File, io, path::Path};

#[derive(Debug, Clone)]
/// PEM serialized Certificate and PEM serialized corresponding private key
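Review bot: this struct holds a PEM-serialized private key but derives `Debug`, so any `{:?}` of it (or of an error that wraps it) writes the key material to logs; consider a hand-written `Debug` impl that prints the certificate and redacts the key field. Also put the `///` doc line above the `#[derive(Debug, Clone)]` attribute, which is the conventional ordering.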
In terms of item ordering I think it would make more sense to keep PemCertifiedKey closer to EndEntity and Certificate, also keeping EndEntityBuilder and CaBuilder together.
This is basically rustls#185 minus rustls#188 and rustls#189. The structure also differs as sub modules have been inlined in `main.rs` and `cert.rs`. `anyhow` has also been added as a dependency to replace the `Result` alias. Closes rustls#175

Includes review fixes such as:

* remove top-level rsa dependency
* inline parse_san
* Check for presence of EKU before pushing.
* Replace `struct Signature` struct w/ `enum KeypairAlgorithm`
* update some doc strings
* make EndEntity and Ca public so they appear in the docs
* additional test cases
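Two of the review fixes listed in that commit message, "inline parse_san" and "Check for presence of EKU before pushing", as a small std-only builder. This is an added example, not code from the PR or from rcgen: `SanType`, `ExtendedKeyUsage`, `CertParams`, `EndEntityBuilder` and `Error` are hypothetical stand-ins for the rcgen types the PR's builder fills in, and the key bytes in `example()` are a constructed placeholder, not a real key.

```rust
use std::net::IpAddr;

/// Stand-in for rcgen's SAN type: IP literals and DNS names are distinct variants.
#[derive(Debug, Clone, PartialEq, Eq)]
pub enum SanType {
    DnsName(String),
    IpAddress(IpAddr),
}

/// Hypothetical subset of extended key usages the tool exposes.
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum ExtendedKeyUsage {
    ServerAuth,
    ClientAuth,
}

/// Builder errors (hypothetical; not rcgen's error type).
#[derive(Debug, Clone, PartialEq, Eq)]
pub enum Error {
    EmptySan,
    MissingKeyPair,
}

/// Stand-in for the CertificateParams fields the builder populates.
#[derive(Debug, Default)]
pub struct CertParams {
    pub subject_alt_names: Vec<SanType>,
    pub extended_key_usages: Vec<ExtendedKeyUsage>,
    /// DER bytes of the key pair; None until the caller supplies one.
    pub key_pair: Option<Vec<u8>>,
}

/// Parse one SAN argument: anything that parses as an IPv4/IPv6 literal
/// becomes an IP SAN, everything else is treated as a DNS name.
pub fn parse_san(s: &str) -> Result<SanType, Error> {
    let s = s.trim();
    if s.is_empty() {
        return Err(Error::EmptySan);
    }
    Ok(match s.parse::<IpAddr>() {
        Ok(ip) => SanType::IpAddress(ip),
        Err(_) => SanType::DnsName(s.to_string()),
    })
}

/// Hypothetical end-entity builder mirroring the shape of the PR's builder.
#[derive(Debug, Default)]
pub struct EndEntityBuilder {
    params: CertParams,
}

impl EndEntityBuilder {
    pub fn new() -> Self {
        Self::default()
    }

    /// Add a SAN, skipping exact duplicates.
    pub fn san(mut self, s: &str) -> Result<Self, Error> {
        let san = parse_san(s)?;
        if !self.params.subject_alt_names.contains(&san) {
            self.params.subject_alt_names.push(san);
        }
        Ok(self)
    }

    /// Push the EKU only if it is not already present, so the extension
    /// never lists the same purpose twice.
    pub fn eku(mut self, eku: ExtendedKeyUsage) -> Self {
        if !self.params.extended_key_usages.contains(&eku) {
            self.params.extended_key_usages.push(eku);
        }
        self
    }

    pub fn key_pair(mut self, der: Vec<u8>) -> Self {
        self.params.key_pair = Some(der);
        self
    }

    /// Finalize; refuse to hand back params that nothing can sign with.
    pub fn build(self) -> Result<CertParams, Error> {
        if self.params.key_pair.is_none() {
            return Err(Error::MissingKeyPair);
        }
        Ok(self.params)
    }
}

/// Worked run: four SAN inputs (one repeated), three EKU calls (one repeated).
pub fn example() -> Result<CertParams, Error> {
    EndEntityBuilder::new()
        .san("localhost")?
        .san("127.0.0.1")?
        .san("::1")?
        .san("localhost")?
        .eku(ExtendedKeyUsage::ServerAuth)
        .eku(ExtendedKeyUsage::ServerAuth)
        .eku(ExtendedKeyUsage::ClientAuth)
        // constructed placeholder bytes, not a real DER-encoded key
        .key_pair(vec![0x30, 0x82])
        .build()
}

fn main() {
    match example() {
        Ok(params) => println!("{params:?}"),
        Err(e) => eprintln!("error: {e:?}"),
    }
}
```

The dedupe checks matter because a SAN or EKU repeated on the command line would otherwise be emitted twice into the same extension, and some verifiers reject certificates with duplicate entries.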
690fa6b to 6cb4b30
Why is this necessary - because there's no initial published version? Can you add context motivating the change to the commit message?
`semver-checks` fail in CI because there is no published version of `rustls-cert-gen`. Excluding it seems like the simplest fix for the moment. Other workarounds can be found here: https://github.com/obi1kenobi/cargo-semver-checks#does-the-crate-im-checking-have-to-be-published-on-cratesio
de651d5 to 46efa11
Yes, I'm working around a CI failure due to there being no published version of
Makes sense, thank you!
Recent updates to `rcgen` resulted in an error on key generation. This addresses that by mapping ring's `Error::Unspecified` to `rcgen::Error::RingUnspecified`.
Specify previous versions of the dependencies to support a minimum rustc version of `1.69` and pass CI checks.
Hello everyone. Since we have 3 approvals can we go ahead and merge this? Pretty much every merge into
I'm fine with merging!
(and thanks @tbro for your contribution)
Cool, thanks for chiming in. I'm going to put it in the queue. Talking to Djc OOB I don't think he'll have a chance to look at this. If he does later we can tackle feedback in follow-up PRs.
+1!
This is basically #185 minus #188 and #189. The structure also differs as sub modules have been inlined in `main.rs` and `cert.rs`. `anyhow` has also been added as a dependency to replace the `Result` alias. Closes #175