x509: CertificateBuilder w\ misuse resistance + best practices support #418

Closed
tarcieri opened this issue Feb 11, 2022 · 1 comment

@tarcieri
Member

Prior discussion: https://github.com/iqlusioninc/yubikey.rs/pull/348/files/1dd3aa37596f0f60db597b17d77a101d53445ab4#r804122161

One thing that would be nice to have is a builder type for constructing an X.509 certificate which provides a higher-level API aimed at reducing choice and potential errors when constructing certificates.

It could take care of constructing the actual TbsCertificate type, as well as signing that and constructing the final Certificate. It could also own the data for the various fields, allowing the serialization types to borrow them, so it doesn't require a lifetime.

We could potentially use tooling like certlint and/or zlint to ensure that certificates generated by this builder follow best practices.

@tarcieri
Member Author

Added in #764
