examples: sign-leaf-with-ca uses ca key for signing end entity cert

rustls · Apr 4, 2024 · 7db8619 · 7db8619
1 parent 4853083
commit 7db8619
Showing 1 changed file with 7 additions and 7 deletions.
diff --git a/rcgen/examples/sign-leaf-with-ca.rs b/rcgen/examples/sign-leaf-with-ca.rs
@@ -4,10 +4,10 @@ use rcgen::{
 };
 use time::{Duration, OffsetDateTime};
 
-/// Example demonstrating signing end-endity certificate with ca
+/// Example demonstrating signing end-entity certificate with ca
 fn main() {
-	let ca = new_ca();
-	let end_entity = new_end_entity();
+	let (ca, ca_key) = new_ca();
+	let end_entity = new_end_entity(&ca, &ca_key);
 
 	let end_entity_pem = end_entity.pem();
 	println!("directly signed end-entity certificate: {end_entity_pem}");
@@ -16,7 +16,7 @@ fn main() {
 	println!("ca certificate: {ca_cert_pem}");
 }
 
-fn new_ca() -> Certificate {
+fn new_ca() -> (Certificate, KeyPair) {
 	let mut params =
 		CertificateParams::new(Vec::default()).expect("empty subject alt name can't produce error");
 	let (yesterday, tomorrow) = validity_period();
@@ -36,10 +36,10 @@ fn new_ca() -> Certificate {
 	params.not_after = tomorrow;
 
 	let key_pair = KeyPair::generate().unwrap();
-	params.self_signed(&key_pair).unwrap()
+	(params.self_signed(&key_pair).unwrap(), key_pair)
 }
 
-fn new_end_entity() -> Certificate {
+fn new_end_entity(ca: &Certificate, ca_key: &KeyPair) -> Certificate {
 	let name = "entity.other.host";
 	let mut params = CertificateParams::new(vec![name.into()]).expect("we know the name is valid");
 	let (yesterday, tomorrow) = validity_period();
@@ -53,7 +53,7 @@ fn new_end_entity() -> Certificate {
 	params.not_after = tomorrow;
 
 	let key_pair = KeyPair::generate().unwrap();
-	params.self_signed(&key_pair).unwrap()
+	params.signed_by(&key_pair, ca, ca_key).unwrap()
 }
 
 fn validity_period() -> (OffsetDateTime, OffsetDateTime) {