I'd like to use botan(-rs) to not just load / verify X.509 certificates, but create them too.
OpenSSL uses a builder-style API, which I think can work for Botan's X509_Cert_Options too. However, they use strings (!) with some kind of internal mini-language and send that through the FFI, but here we already have nice types to use.
Things like creating a self-signed CA, creating a PKCS#10 req, signing it and so on are relatively simple to implement (I've already done some experiments), but I am a little unsure about how to go about Extensions:
How do I get an extension object from a cert? I'd love to just send a type, e.g. Cert_Extension::Basic_Constraints, but I'm not too keen on serializing / deserializing as a string. What might work would be one getter function per Extension, or macros :/
Once I have an Extension, how do I access its contents? For generic things like OID, no problem, but each Ext has its own associated data: some have simple internal types, like Basic_Constraints, others are monsters like in Add IPAddrBlock and ASIdentifiers extensions (RFC 3779) #4699, with classes that contain classes that contain classes.
All of this goes for creating the extensions in the first place as well.
In regards to the opts themselves, how do I not write a million setter functions for each of common_name, country, organization, ... (see e.g. here and the next function, there is huge duplication there)
Do you have any ideas / preferences @reneme @randombit?