From dd2ce585e469979e70fa5a368bc0ed975ba7d016 Mon Sep 17 00:00:00 2001
From: Zhang Jingqiang <zh_jq@outlook.com>
Date: Tue, 2 May 2023 22:39:01 +0800
Subject: [PATCH] add X509::pathlen

---
 openssl-sys/src/handwritten/x509v3.rs |  2 ++
 openssl/src/x509/mod.rs               |  8 ++++++++
 openssl/src/x509/tests.rs             | 16 ++++++++++++++++
 3 files changed, 26 insertions(+)

diff --git a/openssl-sys/src/handwritten/x509v3.rs b/openssl-sys/src/handwritten/x509v3.rs
index 7789b629a6..f92441134e 100644
--- a/openssl-sys/src/handwritten/x509v3.rs
+++ b/openssl-sys/src/handwritten/x509v3.rs
@@ -96,6 +96,8 @@ extern "C" {
         indent: c_int,
     ) -> c_int;
 
+    #[cfg(ossl110)]
+    pub fn X509_get_pathlen(x: *mut X509) -> c_long;
     #[cfg(ossl110)]
     pub fn X509_get_extension_flags(x: *mut X509) -> u32;
     #[cfg(ossl110)]
diff --git a/openssl/src/x509/mod.rs b/openssl/src/x509/mod.rs
index a8e298bf3f..2b2f8a50d8 100644
--- a/openssl/src/x509/mod.rs
+++ b/openssl/src/x509/mod.rs
@@ -483,6 +483,14 @@ impl X509Ref {
         }
     }
 
+    /// Retrieves the path length extension from a certificate, if it exists.
+    #[corresponds(X509_get_pathlen)]
+    #[cfg(ossl110)]
+    pub fn pathlen(&self) -> Option<u32> {
+        let v = unsafe { ffi::X509_get_pathlen(self.as_ptr()) };
+        u32::try_from(v).ok()
+    }
+
     /// Returns this certificate's subject key id, if it exists.
     #[corresponds(X509_get0_subject_key_id)]
     #[cfg(ossl110)]
diff --git a/openssl/src/x509/tests.rs b/openssl/src/x509/tests.rs
index c5ea6accf3..a3f3cd8803 100644
--- a/openssl/src/x509/tests.rs
+++ b/openssl/src/x509/tests.rs
@@ -168,6 +168,22 @@ fn test_subject_alt_name() {
     assert_eq!(Some("http://www.example.com"), subject_alt_names[4].uri());
 }
 
+#[test]
+#[cfg(ossl110)]
+fn test_retrieve_pathlen() {
+    let cert = include_bytes!("../../test/root-ca.pem");
+    let cert = X509::from_pem(cert).unwrap();
+    assert_eq!(cert.pathlen(), None);
+
+    let cert = include_bytes!("../../test/intermediate-ca.pem");
+    let cert = X509::from_pem(cert).unwrap();
+    assert_eq!(cert.pathlen(), Some(0));
+
+    let cert = include_bytes!("../../test/alt_name_cert.pem");
+    let cert = X509::from_pem(cert).unwrap();
+    assert_eq!(cert.pathlen(), None);
+}
+
 #[test]
 #[cfg(ossl110)]
 fn test_subject_key_id() {