Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Expose alias on X509 structs #2167

Merged
merged 1 commit into from
Feb 17, 2024
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions openssl-sys/src/handwritten/x509.rs
Original file line number Diff line number Diff line change
Expand Up @@ -311,6 +311,7 @@ extern "C" {
pub fn X509_get_version(x: *const X509) -> c_long;
pub fn X509_set_serialNumber(x: *mut X509, sn: *mut ASN1_INTEGER) -> c_int;
pub fn X509_get_serialNumber(x: *mut X509) -> *mut ASN1_INTEGER;
pub fn X509_alias_get0(x: *mut X509, len: *mut c_int) -> *mut c_uchar;
}
const_ptr_api! {
extern "C" {
Expand Down
13 changes: 12 additions & 1 deletion openssl/src/pkcs12.rs
Original file line number Diff line number Diff line change
Expand Up @@ -304,9 +304,20 @@ mod test {
let parsed = pkcs12.parse2("mypass").unwrap();

assert_eq!(
hex::encode(parsed.cert.unwrap().digest(MessageDigest::sha1()).unwrap()),
hex::encode(
parsed
.cert
.as_ref()
.unwrap()
.digest(MessageDigest::sha1())
.unwrap()
),
"59172d9313e84459bcff27f967e79e6e9217e584"
);
assert_eq!(
parsed.cert.as_ref().unwrap().alias(),
Some(b"foobar.com" as &[u8])
);

let chain = parsed.ca.unwrap();
assert_eq!(chain.len(), 1);
Expand Down
16 changes: 16 additions & 0 deletions openssl/src/x509/mod.rs
Original file line number Diff line number Diff line change
Expand Up @@ -649,6 +649,22 @@ impl X509Ref {
}
}

/// Returns this certificate's "alias". This field is populated by
/// OpenSSL in some situations -- specifically OpenSSL will store a
/// PKCS#12 `friendlyName` in this field.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I might suggest adding a sentence that this is not part of the certificate itself, just some auxiliary info that OpenSSL staples onto it. In particular, it doesn't get serialized. It's just a way to get the friendly name out of you used pkcs12 APIs.

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah, I should make that explicit rather than implicit.

#[corresponds(X509_alias_get0)]
pub fn alias(&self) -> Option<&[u8]> {
unsafe {
let mut len = 0;
let ptr = ffi::X509_alias_get0(self.as_ptr(), &mut len);
if ptr.is_null() {
None
} else {
Some(slice::from_raw_parts(ptr, len as usize))
}
}
}

to_pem! {
/// Serializes the certificate into a PEM-encoded X509 structure.
///
Expand Down