-
-
Notifications
You must be signed in to change notification settings - Fork 877
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Allow to extend X509 extensions #1573
Allow to extend X509 extensions #1573
Conversation
I'll try to take a look at this and your other PRs this weekend - thanks for all your work!! |
So I guess one thing I'm wondering is... why use a trait if it's only going to be used by one file? This could also be extended to CSR's, CRL's, etc, by making use of the That said, this does (at least currently for X509) eliminate the need for the obnoxious resigning that is currently required, which I like!: https://phpseclib.com/docs/x509#example-custom-extensions It might not be a bad idea to throw an exception if an extension is already registered in Otherwise, I like it! I'll hold off for merging for the time being to let you make these changes. I suppose I could make them myself but it'd make my life easier if you could do them 😅 |
I made a trait, because the extensions arrays and setters are standalones, applicable on similar extendable mappings, and to avoid bloating much more the X509.php. But I see it's yet very big, maybe you don't care too much about splitting responsibilities? About the exception. I would be fully agree if It will also make more painful unit testing when using such custom extension. Are you OK to not throw the exception if the already registered extension is exactly the same and also provide a getter so you can check what is already registered? |
I do but not for 3.0. For 4.0 I want to completely redo how X509 works. Separate classes for X509, CSR, CRL, etc. Whereas right now loading an X509 returns an array with what I'm thinking for 4.0 you'll just do maybe But for 3.0 I'd just assume stick with the bloat. If we're gonna have a trait for this why not for other stuff? I think consistency is important and having a trait for one thing but for nothing else just isn't consistent.
Works for me! |
|
Thanks @terrafrost and thanks for this library 🙏 |
the X509ExtensionTest.php file below is an example of the goal I try to achieve with this pull-request:
Have custom extensions (as per RFC 3280) with some meta-data to be ASN1-encoded alongside with extensions natively supported by phpseclib.
From what I could try until now, without this little change, the ASN1 encoder has no way to know the structure of an extension if it's not in the list of supported ones.