Add extension request support #78
On the test failing, I tried to change the type from |
Hi @Geobert , thank you! Great first PR 🎉
[EDIT: my explanation was wrong so I removed it to avoid misleading other people] I asked my team leader @awakecoding about the
to
to EDIT: I'll have a deeper look at the code once you fixed the |
@Geobert just to clarify about the copyright - Rust projects normally use the Cargo.toml file to declare authors, so if we add a Contributor.txt file, we'd have to maintain the list of authors in two places. Is there a reason why declaring authors in the Cargo.toml file would not be suitable? |
Copyright
Thank you for your answer! I think having the copyright in Cargo.toml is perfect :) I totally forgot this field ^^'
ApplicationTag
I tried which leads to:
    pub fn new(subject: Name, subject_public_key_info: SubjectPublicKeyInfo) -> Self {
        // It shall be 0 for this version of the standard.
        Self {
            version: 0,
            subject,
            subject_public_key_info,
            attributes: ApplicationTag0(Asn1SetOf(Vec::new())),
        }
    }
The SET tag is not replaced with the ApplicationTag0 tag :-/ |
From what Benoît said, my understanding of ApplicationTag is that its tag replaces the tag of the object it contains, so I'm trying to understand how ApplicationTag0 is serialized and I can only see in Is the ApplicationTag* ser broken? This seems unlikely as you use the crate with no issue and have plenty of tests to back that up. So I'm confused :-/ |
Oh, let me check, maybe something is wrong somewhere. |
I don't know if it can help, but I noticed that EDIT: by modifying in
the serialization seems correct, but for a weird reason, it breaks the deserialization:
|
I think I misunderstood something 🤦 |
Yes, deserializer would need to be modified the same way. However, as said above, issue is a bit deeper here 😕 |
In that case, the PR is complete with The unit test for extensions works, but the empty ApplicationTag0 test is broken of course |
Good! I'll fix that, merge and publish 🙂 |
I implemented a workaround so this behaves like a proper IMPLICIT [0]
on a sequence.
Address #77, on behalf of Isode Ltd.
Some precision on this PR:
attributes field type
The attributes field ended up being Implicit<Option<ApplicationTag0<Attribute>>> instead of Implicit<Option<ApplicationTag0<Asn1SetOf<Attribute>>>> because after testing the output of openssl, it seems that the Asn1SetOf is not present.
Using the attached files, you can use openssl req -config req.txt -new -key key.pem -out req.pem to generate the CSR and see that there's no SET after [0]
I was curious on what's the output of openssl if we add a challengePassword to the request: add attributes = req_attributes to the [ req ] section and rerun the openssl command, you'll see:
so after the [0], no SET and two consecutive SEQUENCE.
We don't need challengePassword yet, but if we add support later, I think ApplicationTag0 will need some way to have a SET without serializing it.
Unit test
I've added a Unit test for extensions using the config attached and openssl to create the PEM test data.
As attributes has changed default value, the deserialize_csr test is broken, I think it needs to be updated but I prefer to ask before doing anything on this.
EDIT: maybe it's not the test, but the encoding, I've lost the [0] so ignore this point
Copyright
The legal team of my company is happy to license the contribution under the dual-license MIT-Apache-2.0 but would like to have Isode Ltd. mentioned somewhere. Some crates have a Contributor.txt file listing contributors. Would you (and Devolutions) agree to add this file to the repository? It would look like this (header copied from oxide-auth crate's repository):
I took the time to sort the different contributors chronologically :)
Conclusion and Recap
As the message is quite large, here is a summary on what's left:
attributes
deserialize_csr because of change of attributes type
req.zip
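The openssl observation in the description above (no SET after [0], then consecutive SEQUENCEs) is what an IMPLICIT [0] tag on a SET OF produces: the context tag replaces the SET tag instead of wrapping it. The following is an added example, not code from this PR or from picky-asn1: a hand-rolled DER encoder (all function names are hypothetical) applied to two constructed attributes whose value sets are left empty, comparing the implicit and explicit forms.

```rust
// Added illustration: hand-rolled DER with short-form lengths only; not picky-asn1's API.
const SEQUENCE: u8 = 0x30;
const SET: u8 = 0x31;
const OID: u8 = 0x06;
const CTX0: u8 = 0xA0; // context-specific, constructed, tag number 0

/// Encode one TLV (content must be shorter than 128 bytes).
fn tlv(tag: u8, content: &[u8]) -> Vec<u8> {
    assert!(content.len() < 128, "short-form length only");
    let mut out = vec![tag, content.len() as u8];
    out.extend_from_slice(content);
    out
}

/// Attribute ::= SEQUENCE { type OID, values SET }; values left empty in this sample.
fn attribute(oid_body: &[u8]) -> Vec<u8> {
    tlv(SEQUENCE, &[tlv(OID, oid_body), tlv(SET, &[])].concat())
}

/// [0] IMPLICIT SET OF Attribute: the context tag replaces the SET tag.
fn attributes_implicit(attrs: &[Vec<u8>]) -> Vec<u8> {
    tlv(CTX0, &attrs.concat())
}

/// [0] EXPLICIT SET OF Attribute: the context tag wraps a complete SET TLV.
fn attributes_explicit(attrs: &[Vec<u8>]) -> Vec<u8> {
    tlv(CTX0, &tlv(SET, &attrs.concat()))
}

/// Tags of the direct children of a constructed TLV, one level down.
fn child_tags(der: &[u8]) -> Vec<u8> {
    let body = &der[2..2 + der[1] as usize];
    let (mut tags, mut i) = (Vec::new(), 0);
    while i < body.len() {
        tags.push(body[i]);
        i += 2 + body[i + 1] as usize;
    }
    tags
}

fn main() {
    // Constructed sample: challengePassword and extensionRequest OIDs, values omitted.
    let attrs = vec![
        attribute(&[0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x07]),
        attribute(&[0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x0E]),
    ];
    println!("implicit children: {:02X?}", child_tags(&attributes_implicit(&attrs)));
    println!("explicit children: {:02X?}", child_tags(&attributes_explicit(&attrs)));
    println!("empty implicit:    {:02X?}", attributes_implicit(&[]));
}
```

With no attributes, the implicit form is the two bytes A0 00, which is the empty-attributes case the thread refers to.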