-
Notifications
You must be signed in to change notification settings - Fork 114
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add KeyUsage support to CSR generation #287
Conversation
I took a stab at simplifying the existing KeyUsage serialization logic. AFAICT, there seems to be no downside to unconditionally encoding KeyUsage with 9 bits—this significantly cuts down the required bit twiddling. I also took the opportunity to use the same logic for both certificates as well as CSRs. Either way—LMK your thoughts on these! |
I'll also add tests for this... |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'd suggest reorienting the commit history as such:
- Introduce the separate
KeyUsagePurpose
tou16
conversion method, and start using it in the same commit in place (and also other changes to always use 16 bits) - Extract the
write_key_usage()
method from its current context - Add writing key usages in CSR serialization
55ceece
to
1f188c5
Compare
1f188c5
to
82d10db
Compare
A few notes:
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This makes sense to me, thanks!
It looks like the coverage job enables |
82d10db
to
42f1e3e
Compare
Thanks! Sorry I didn't get a chance to take a look at this before it merged. I reviewed the diff that landed and it looks good to me. |
I've added KeyUsage support to CSR generation, as well as a number of improvements to the parsing and writing of DER-encoded key usages.
These commits can be reviewed in order!
(Coming from #285)