Add support for custom CSR extensions when parsing
This PR adds CertificateSigningRequestParams::from_pem_validated & from_der_validated methods, which allow the user to provide a custom validation closure to handle otherwise unsupported extensions found in the OID_PKCS_9_AT_EXTENSION_REQUEST CRL attribute. In other words, this allows CSR to correctly handle CustomExtension found into the custom_extensions field when parsing from DER or PEM.
This depends on this PR being merged.
This closes #150.
What are you trying to achieve? Which extension do you want to support?
Proprietary extension, such as storing a user ID directly in the certificate. The idea is that since the certificate is signed, this metadata is guaranteed to have been validated by a CA, and I control the CA so I indeed validate those extensions.
ci / Validate external types appearing in public API (pull_request) Failing after 1m
Also, this looks like a true positive: we don't want x509-parser leaking through the rcgen API. That suggests to me that we'll need to rework the closure argument at a minimum. If that happens does your upstream change in x509-parser lose some of its value?
Not at all, we can just implement a simple wrapper type that is then converted internally into the specific x509-parser type. However, it's important to note that the upstream is currently working on some major rework of its API, and there's discussion about introducing a whole new visitor API for CSRs. So I would say this PR is definitely gonna change, which is why it's a draft. I thought it would still be valuable to write this PR in case it is a controversial change etc.