Fix: Write CSR attributes as an implicit set
lvkv authored and cpu committed Nov 13, 2024
1 parent ad9b094 commit 57a8066
Showing 1 changed file with 30 additions and 24 deletions.
54 changes: 30 additions & 24 deletions rcgen/src/certificate.rs
Expand Up @@ -561,33 +561,39 @@ impl CertificateParams {
serialize_public_key_der(subject_key, writer.next());
// Write extensions
// According to the spec in RFC 2986, even if attributes are empty we need the empty attribute tag
writer.next().write_tagged(Tag::context(0), |writer| {
if write_extension_request {
writer.write_sequence(|writer| {
let oid = ObjectIdentifier::from_slice(oid::PKCS_9_AT_EXTENSION_REQUEST);
writer.next().write_oid(&oid);
writer.next().write_set(|writer| {
writer
.next()
.write_tagged_implicit(Tag::context(0), |writer| {
// RFC 2986 specifies that attributes are a SET OF Attribute
writer.write_set_of(|writer| {
if write_extension_request {
writer.next().write_sequence(|writer| {
// Write key_usage
self.write_key_usage(writer.next());
// Write subject_alt_names
self.write_subject_alt_names(writer.next());
self.write_extended_key_usage(writer.next());

// Write custom extensions
for ext in custom_extensions {
write_x509_extension(
writer.next(),
&ext.oid,
ext.critical,
|writer| writer.write_der(ext.content()),
);
}
let oid =
ObjectIdentifier::from_slice(oid::PKCS_9_AT_EXTENSION_REQUEST);
writer.next().write_oid(&oid);
writer.next().write_set(|writer| {
writer.next().write_sequence(|writer| {
// Write key_usage
self.write_key_usage(writer.next());
// Write subject_alt_names
self.write_subject_alt_names(writer.next());
self.write_extended_key_usage(writer.next());

// Write custom extensions
for ext in custom_extensions {
write_x509_extension(
writer.next(),
&ext.oid,
ext.critical,
|writer| writer.write_der(ext.content()),
);
}
});
});
});
});
}
});
}
});
});

Ok(())
})?;
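Review bot: The inner attribute value set at `writer.next().write_set(|writer| {` still uses `write_set`, while this change moves the outer attributes field to `write_set_of`; RFC 2986 defines an Attribute's `values` as a SET OF as well, so I would write `writer.next().write_set_of(|writer| {` there too. With the single extension-request value written here the DER output should be the same either way, so this is about keeping the two levels consistent and getting canonical ordering if a second value is ever added. The commit touches only this file, so nothing visible pins the new encoding; a test that checks the attributes field for both the empty case and the extension-request case against a known-good encoding, or through an independent CSR parser, would guard against a regression that a strict CA-side parser would reject. The enclosing function begins and ends outside this hunk.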