Setting Certificate/Private Key Improvements #15
- Add possibility to use DER-encoding when setting a certificate
- Add `tls_set_certificate_pem` and `tls_set_certificate_der` function
- Add `enum tls_key_type`
- Deprecate `tls_set_certificate`
Note: I've double-checked that the newly introduced OpenSSL functions are available in 0.9.8 to 1.1.0 and LibreSSL. I've compiled and tested it on OpenSSL 1.0.1f and OpenSSL 1.0.2h.
Thanks for this nice patch. In general all the code looks of superb quality and in general all patches/PRs should be based on master. the order in which we merge it was particularly good that you added this type:
Later we should extend the selfsign function, to include keysize and also
Thanks for the feedback. Much appreciated. :)
Already wrote some code for that in my own library. But if you're interested in it, I can easily port it and open a PR.
Hi @lgrahl, would it be possible to have a new patch here, where you keep the original variable names from `tls_set_certificate` (except for the rsa/pkey variable)? The diff would be much cleaner/easier to read then. Also, would it be possible to move the DER related changes to another PR? BTW, in your DER code it looks like you reference updated `buf_cert` value from `d2i_X509()`, before checking `d2i_X509()` return value.
Don't get me wrong, but I don't think changing the variable names back to make the diff nicer to read but overall have confusing variable names as a result is a good idea. Edit: I thought you meant the variable names in the signature. Regarding
I could do that but I would prefer having it this way unless there is a reason why I should split them up. Also, the function name
Nice find, will fix that.
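The `d2i_X509()` remark in the review above is about ordering: `d2i_*()` functions take a pointer to the input pointer and advance it on success, so the advanced value should only be read after the return value has been checked. An added sketch of that ordering, not code from this PR: `der_next_tlv` and `check_single_der` are hypothetical names, and the toy parser (single-byte tags only) stands in for OpenSSL so the example builds without it.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical stand-in for the d2i_*() calling convention: parse one DER
 * TLV at *in; on success return 1 and advance *in past it, else return 0. */
static int der_next_tlv(const uint8_t **in, size_t len)
{
	const uint8_t *p = *in;
	size_t body = 0, hdr = 2, n, i;

	if (len < 2)
		return 0;
	if (p[1] < 0x80) {
		body = p[1];                 /* short-form length */
	}
	else {
		n = p[1] & 0x7f;             /* long form: n length octets */
		if (n == 0 || n > sizeof(size_t) || len < 2 + n)
			return 0;
		for (i = 0; i < n; i++)
			body = (body << 8) | p[2 + i];
		hdr += n;
	}
	if (body > len - hdr)
		return 0;                    /* object runs past the buffer */
	*in = p + hdr + body;
	return 1;
}

/* Returns 0 if buf holds exactly one DER object, -1 otherwise. */
int check_single_der(const uint8_t *buf, size_t len)
{
	const uint8_t *p = buf;          /* parse via a copy so buf stays valid */

	if (!der_next_tlv(&p, len))      /* 1. check the return value first */
		return -1;
	if ((size_t)(p - buf) != len)    /* 2. only now read the advanced pointer */
		return -1;               /* trailing bytes after the object */
	return 0;
}

/* Constructed sample: SEQUENCE { INTEGER 5 } */
static const uint8_t sample_ok[] = {0x30, 0x03, 0x02, 0x01, 0x05};

int main(void)
{
	return check_single_der(sample_ok, sizeof(sample_ok));
}
```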
These changes give the user a little bit more fine granularity when setting a certificate (and the private key).
Other private key types than RSA are now supported.
PEM certificate and private key can now be contained in separate strings.
Moreover, the user is able to use the DER format for certificates and private keys.
To make this possible, the following functions have been added:
- `tls_set_certificate_pem`
- `tls_set_certificate_der`

`tls_set_certificate` has been updated and uses `tls_set_certificate_pem` underneath. No changes to existing function signatures had to be made. :)
(Let me know if I should rebase the changes and make a PR to merge into the `openssl-1.1.0` branch.)