Add support custom CSR extensions when parsing #337
Conversation
jean-airoldie
force-pushed
the
custom_extension
branch
from
158d183 to
8f721af
Compare
|
What are you trying to achieve? Which extension do you want to support? |
|
Proprietary extension, such as storing a user ID directly in the certificate. The idea is that since the certificate is signed, this metadata is guaranteed to have been validated by a CA, and I control the CA so I indeed validate those extensions. |
Also, this looks like a true positive: we don't want |
Not at all, we can just implement a simple wrapper type that is then converted internally into the specific x509-parser type. However its important to note that the upstream is currently working on some major rework of its API, and there's discussion about introducing a whole new visitor API for CSRs. So I would say this PR is definitely gonna change, which is why its a draft. I though it would still be valuable to write this PR in case it is a controversial change etc. |
jean-airoldie
force-pushed
the
custom_extension
branch
5 times, most recently
from
17e72e7 to
b4e43fd
Compare
* Allow user to parse otherwise unsupported extensions. * Retain the custom extensions when parsing. * Update to latest branch commit * Ran rustfmt * Fix clippy * Add UnsupportedExtension wrapper type
jean-airoldie
force-pushed
the
custom_extension
branch
from
b4e43fd to
7240eac
Compare
This PR adds
CertificateSigningRequestParams::from_pem_validated&from_der_validatedmethods, which allow the user to provide a custom validation closure to handle otherwise unsupported extensions found in theOID_PKCS_9_AT_EXTENSION_REQUESTCRL attribute. In other words, this allow CSR to correctly handleCustomExtensionfound into the custom_extensions field when parsing from DER or PEM.This depends on this PR being merged.
This closes #150.