A functional rustls-cert-gen with basic parameters.
This is basically rustls#185 minus rustls#188 and rustls#189. The structure also differs
as sub modules have been inlined in `main.rs` and `cert.rs`. `anyhow`
has also been added as a dependency to replace the `Result` alias.

Closes rustls#175

includes review fixes such as:

  * remove top-level rsa dependency
  * inline parse_san
  * Check for presence of EKU before pushing.
  * Replace `struct Signature` struct w/ `enum KeypairAlgorithm`
  * update some doc strings
  * make EndEntity and Ca public so they appear in the docs
tbro committed Nov 14, 2023
1 parent 0318d2f commit 34c6919
Showing 8 changed files with 910 additions and 51 deletions.
324 changes: 316 additions & 8 deletions Cargo.lock


5 changes: 4 additions & 1 deletion Cargo.toml
Expand Up @@ -3,7 +3,10 @@ members = ["rcgen", "rustls-cert-gen"]
resolver = "2"

[workspace.dependencies]
pem = { version = "3.0.2" }
pem = "3.0.2"
rand = "0.8"
ring = "0.17"
x509-parser = "0.15.1"

[workspace.package]
license = "MIT OR Apache-2.0"
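Review bot: hoisting `ring = "0.17"` and `x509-parser = "0.15.1"` into `[workspace.dependencies]` is the right move, since both crates in `members = ["rcgen", "rustls-cert-gen"]` now resolve to one version of each and cannot drift apart. The rewrite of `pem = { version = "3.0.2" }` to `pem = "3.0.2"` is a pure style change with no effect on resolution and could be dropped to keep the diff focused on the new entries.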
10 changes: 5 additions & 5 deletions rcgen/Cargo.toml
Expand Up @@ -23,10 +23,10 @@ required-features = ["pem", "x509-parser"]

[dependencies]
yasna = { version = "0.5.2", features = ["time", "std"] }
ring = "0.17"
ring = { workspace = true }
pem = { workspace = true, optional = true }
time = { version = "0.3.6", default-features = false }
x509-parser = { version = "0.15", features = ["verify"], optional = true }
x509-parser = { workspace = true, features = ["verify"], optional = true }
zeroize = { version = "1.2", optional = true }

[features]
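Review bot: switching `ring` and `x509-parser` to `{ workspace = true }` while leaving `features = ["verify"]` and `optional = true` on the crate side is correct: Cargo merges crate-level features onto the inherited workspace entry, and `optional` has to stay here because it cannot be set in `[workspace.dependencies]`. No change needed.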
Expand All @@ -37,8 +37,8 @@ features = ["x509-parser"]

[dev-dependencies]
openssl = "0.10"
x509-parser = { version = "0.15", features = ["verify"] }
x509-parser = { workspace = true, features = ["verify"] }
rustls-webpki = { version = "0.101.0", features = ["std"] }
botan = { version = "0.10", features = ["vendored"] }
rand = "0.8"
rsa = "0.9"
rand = { workspace = true }
rsa = { version = "0.9" }
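Review bot: the change from `rsa = "0.9"` to `rsa = { version = "0.9" }` is a no-op and makes the line inconsistent with `openssl = "0.10"` two lines above; since the commit message says the top-level rsa dependency was removed rather than hoisted into the workspace, this line should stay in its original form. Moving `x509-parser` and `rand` in `[dev-dependencies]` to `{ workspace = true }` is fine and keeps the test build on the same versions as the library.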
10 changes: 9 additions & 1 deletion rustls-cert-gen/Cargo.toml
Expand Up @@ -7,5 +7,13 @@ edition.workspace = true
keywords.workspace = true

[dependencies]
rcgen = { path = "../rcgen" }
bpaf = { version = "0.9.5", features = ["derive"] }
pem = { workspace = true }
rcgen = { path = "../rcgen" }
ring = { workspace = true }
rand = { workspace = true }
anyhow = "1.0.75"

[dev-dependencies]
assert_fs = "1.0.13"
x509-parser = { workspace = true, features = ["verify"] }
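Review bot: `ring = { workspace = true }` and `rand = { workspace = true }` become direct dependencies of the binary even though `rcgen = { path = "../rcgen" }` already pulls `ring` in; please confirm that `main.rs` and `cert.rs` (not part of this view) actually call into both, otherwise they are unused dependencies that only widen the tool's supply-chain surface. Minor: `anyhow = "1.0.75"` and `bpaf = { version = "0.9.5", ... }` pin to patch level while the workspace entries use minor pins; either is acceptable, but the file should be consistent.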
30 changes: 30 additions & 0 deletions rustls-cert-gen/README.md
@@ -0,0 +1,30 @@
# rustls-cert-gen

`rustls-cert-gen` is a tool to generate TLS certificates. In its
current state it will generate a Root CA and an end-entity
certificate, along with private keys. The end-entity certificate will
be signed by the Root CA.

## Usage
Having compiled the binary you can simply pass a path to output
generated files.

cargo run -- -o output/dir

In the output directory you will find these files:

* `cert.pem` (end-entity's X.509 certificate, signed by `root-ca`'s key)
* `cert.key.pem` (end-entity's private key)
* `root-ca.pem` (ca's self-signed X.509 certificate)

For a complete list of supported options:

rustls-cert-gen --help

## FAQ

#### What signature schemes are available?

* `pkcs_ecdsa_p256_sha256`
* `pkcs_ecdsa_p384_sha384`
* `pkcs_ed25519`
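Review bot: the list under "In the output directory you will find these files:" names only `cert.pem`, `cert.key.pem` and `root-ca.pem`, but the introduction says the tool emits the Root CA and end-entity certificate "along with private keys" (plural); if the CA's private key is written too it must be listed, since it is the trust anchor's signing key and users need to know it lands on disk, and if it is not, the introduction should say only the end-entity key is emitted. Smaller points: the two usage lines invoke the tool differently (`cargo run -- -o output/dir` vs. `rustls-cert-gen --help`), so pick one form or show both consistently; `ca's` should read `CA's`; and the FAQ lists three scheme identifiers without saying which option selects them or which is the default.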