diff --git a/src/alg_tests.rs b/src/alg_tests.rs index 4d2ade9b..5aa9e500 100644 --- a/src/alg_tests.rs +++ b/src/alg_tests.rs @@ -370,7 +370,7 @@ fn parse_test_signed_data(file_contents: &[u8]) -> TestSignedData { use alloc::str::Lines; -fn read_pem_section(lines: &mut Lines, section_name: &str) -> Vec { +fn read_pem_section(lines: &mut Lines<'_>, section_name: &str) -> Vec { // Skip comments and header let begin_section = format!("-----BEGIN {}-----", section_name); loop { diff --git a/src/cert.rs b/src/cert.rs index d60a7911..966e22b3 100644 --- a/src/cert.rs +++ b/src/cert.rs @@ -177,7 +177,7 @@ impl<'a> Cert<'a> { /// Get the RFC 5280-compliant [`SubjectPublicKeyInfoDer`] (SPKI) of this [`Cert`]. #[cfg(feature = "alloc")] - pub fn subject_public_key_info(&self) -> SubjectPublicKeyInfoDer { + pub fn subject_public_key_info(&self) -> SubjectPublicKeyInfoDer<'static> { // Our SPKI representation contains only the content of the RFC 5280 SEQUENCE // So we wrap the SPKI contents back into a properly-encoded ASN.1 SEQUENCE SubjectPublicKeyInfoDer::from(der::asn1_wrap( @@ -201,7 +201,7 @@ impl<'a> Cert<'a> { // mozilla::pkix supports v1, v2, v3, and v4, including both the implicit // (correct) and explicit (incorrect) encoding of v1. We allow only v3. -fn version3(input: &mut untrusted::Reader) -> Result<(), Error> { +fn version3(input: &mut untrusted::Reader<'_>) -> Result<(), Error> { der::nested( input, der::Tag::ContextSpecificConstructed0, @@ -417,7 +417,7 @@ mod tests { // There should be one distribution point present. assert_eq!(crl_distribution_points.len(), 1); - let crl_distribution_point: &CrlDistributionPoint = crl_distribution_points + let crl_distribution_point = crl_distribution_points .first() .expect("missing distribution point"); @@ -449,7 +449,7 @@ mod tests { // There should be one general name. assert_eq!(names.len(), 1); - let name: &GeneralName = names.first().expect("missing general name"); + let name = names.first().expect("missing general name"); // The general name should be a URI matching the expected value. match name { @@ -479,7 +479,7 @@ mod tests { // There should be one distribution point present. assert_eq!(crl_distribution_points.len(), 1); - let crl_distribution_point: &CrlDistributionPoint = crl_distribution_points + let crl_distribution_point = crl_distribution_points .first() .expect("missing distribution point"); @@ -518,7 +518,7 @@ mod tests { // There should be one distribution point present. assert_eq!(crl_distribution_points.len(), 1); - let crl_distribution_point: &CrlDistributionPoint = crl_distribution_points + let crl_distribution_point = crl_distribution_points .first() .expect("missing distribution point"); @@ -580,7 +580,7 @@ mod tests { // There should be one distribution point present. assert_eq!(crl_distribution_points.len(), 1); - let crl_distribution_point: &CrlDistributionPoint = crl_distribution_points + let crl_distribution_point = crl_distribution_points .first() .expect("missing distribution point"); @@ -618,7 +618,7 @@ mod tests { // There should be one distribution point present. assert_eq!(crl_distribution_points.len(), 1); - let crl_distribution_point: &CrlDistributionPoint = crl_distribution_points + let crl_distribution_point = crl_distribution_points .first() .expect("missing distribution point"); @@ -642,7 +642,7 @@ mod tests { .expect("failed to parse distribution points"); // There should be two distribution points present. - let (point_a, point_b): (&CrlDistributionPoint, &CrlDistributionPoint) = ( + let (point_a, point_b) = ( crl_distribution_points .first() .expect("missing first distribution point"), @@ -666,7 +666,7 @@ mod tests { } } - fn uri_bytes<'a>(name: &'a GeneralName) -> &'a [u8] { + fn uri_bytes<'a>(name: &'a GeneralName<'a>) -> &'a [u8] { match name { GeneralName::UniformResourceIdentifier(uri) => uri.as_slice_less_safe(), _ => panic!("unexpected name type"), diff --git a/src/crl/mod.rs b/src/crl/mod.rs index 8bee28fc..84c9bbbe 100644 --- a/src/crl/mod.rs +++ b/src/crl/mod.rs @@ -115,9 +115,9 @@ impl<'a> RevocationOptions<'a> { pub(crate) fn check( &self, path: &PathNode<'_>, - issuer_subject: untrusted::Input, - issuer_spki: untrusted::Input, - issuer_ku: Option, + issuer_subject: untrusted::Input<'_>, + issuer_spki: untrusted::Input<'_>, + issuer_ku: Option>, supported_sig_algs: &[&dyn SignatureVerificationAlgorithm], budget: &mut Budget, time: UnixTime, @@ -185,7 +185,7 @@ enum KeyUsageMode { impl KeyUsageMode { // https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.3 - fn check(self, input: Option) -> Result<(), Error> { + fn check(self, input: Option>) -> Result<(), Error> { let bit_string = match input { Some(input) => { der::expect_tag(&mut untrusted::Reader::new(input), der::Tag::BitString)? @@ -286,7 +286,7 @@ mod tests { // It should be possible to build a revocation options builder with defaults. let crl = include_bytes!("../../tests/crls/crl.valid.der"); - let crl: CertRevocationList = BorrowedCertRevocationList::from_der(&crl[..]) + let crl = BorrowedCertRevocationList::from_der(&crl[..]) .unwrap() .into(); let crls = [&crl]; diff --git a/src/crl/types.rs b/src/crl/types.rs index d270b169..8d123776 100644 --- a/src/crl/types.rs +++ b/src/crl/types.rs @@ -66,7 +66,7 @@ impl<'a> CertRevocationList<'a> { /// Try to find a revoked certificate in the CRL by DER encoded serial number. This /// may yield an error if the CRL has malformed revoked certificates. - pub fn find_serial(&self, serial: &[u8]) -> Result, Error> { + pub fn find_serial(&self, serial: &[u8]) -> Result>, Error> { match self { #[cfg(feature = "alloc")] CertRevocationList::Owned(crl) => crl.find_serial(serial), @@ -121,7 +121,7 @@ impl<'a> CertRevocationList<'a> { pub(crate) fn verify_signature( &self, supported_sig_algs: &[&dyn SignatureVerificationAlgorithm], - issuer_spki: untrusted::Input, + issuer_spki: untrusted::Input<'_>, budget: &mut Budget, ) -> Result<(), Error> { signed_data::verify_signed_data( @@ -194,7 +194,7 @@ impl OwnedCertRevocationList { BorrowedCertRevocationList::from_der(crl_der)?.to_owned() } - fn find_serial(&self, serial: &[u8]) -> Result, Error> { + fn find_serial(&self, serial: &[u8]) -> Result>, Error> { // note: this is infallible for the owned representation because we process all // revoked certificates at the time of construction to build the `revoked_certs` map, // returning any encountered errors at that time. @@ -309,7 +309,7 @@ impl<'a> BorrowedCertRevocationList<'a> { }) } - fn find_serial(&self, serial: &[u8]) -> Result, Error> { + fn find_serial(&self, serial: &[u8]) -> Result>, Error> { for revoked_cert_result in self { match revoked_cert_result { Err(e) => return Err(e), @@ -471,7 +471,7 @@ pub(crate) struct IssuingDistributionPoint<'a> { } impl<'a> IssuingDistributionPoint<'a> { - pub(crate) fn from_der(der: untrusted::Input<'a>) -> Result { + pub(crate) fn from_der(der: untrusted::Input<'a>) -> Result { const DISTRIBUTION_POINT_TAG: u8 = CONTEXT_SPECIFIC | CONSTRUCTED; const ONLY_CONTAINS_USER_CERTS_TAG: u8 = CONTEXT_SPECIFIC | 1; const ONLY_CONTAINS_CA_CERTS_TAG: u8 = CONTEXT_SPECIFIC | 2; @@ -491,7 +491,7 @@ impl<'a> IssuingDistributionPoint<'a> { // Note: we can't use der::optional_boolean here because the distribution point // booleans are context specific primitives and der::optional_boolean expects // to unwrap a Tag::Boolean constructed value. - fn decode_bool(value: untrusted::Input) -> Result { + fn decode_bool(value: untrusted::Input<'_>) -> Result { let mut reader = untrusted::Reader::new(value); let value = reader.read_byte().map_err(der::end_of_input_err)?; if !reader.at_end() { @@ -693,7 +693,7 @@ pub struct OwnedRevokedCert { #[cfg(feature = "alloc")] impl OwnedRevokedCert { /// Convert the owned representation of this revoked cert to a borrowed version. - pub fn borrow(&self) -> BorrowedRevokedCert { + pub fn borrow(&self) -> BorrowedRevokedCert<'_> { BorrowedRevokedCert { serial_number: &self.serial_number, revocation_date: self.revocation_date, @@ -1211,17 +1211,15 @@ mod tests { let owned_crl = borrowed_crl.to_owned().unwrap(); // It should be possible to convert a BorrowedCertRevocationList to a CertRevocationList. - let _crl: CertRevocationList = borrowed_crl.into(); + let _crl = CertRevocationList::from(borrowed_crl); // And similar for an OwnedCertRevocationList. - let _crl: CertRevocationList = owned_crl.into(); + let _crl = CertRevocationList::from(owned_crl); } #[test] fn test_crl_authoritative_issuer_mismatch() { let crl = include_bytes!("../../tests/crls/crl.valid.der"); - let crl: CertRevocationList = BorrowedCertRevocationList::from_der(&crl[..]) - .unwrap() - .into(); + let crl = CertRevocationList::from(BorrowedCertRevocationList::from_der(&crl[..]).unwrap()); let ee = CertificateDer::from( &include_bytes!("../../tests/client_auth_revocation/no_ku_chain.ee.der")[..], @@ -1237,9 +1235,7 @@ mod tests { fn test_crl_authoritative_no_idp_no_cert_dp() { let crl = include_bytes!("../../tests/client_auth_revocation/ee_revoked_crl_ku_ee_depth.crl.der"); - let crl: CertRevocationList = BorrowedCertRevocationList::from_der(&crl[..]) - .unwrap() - .into(); + let crl = CertRevocationList::from(BorrowedCertRevocationList::from_der(&crl[..]).unwrap()); let ee = CertificateDer::from( &include_bytes!("../../tests/client_auth_revocation/ku_chain.ee.der")[..], @@ -1255,9 +1251,7 @@ mod tests { #[test] fn test_crl_expired() { let crl = include_bytes!("../../tests/crls/crl.valid.der"); - let crl: CertRevocationList = BorrowedCertRevocationList::from_der(&crl[..]) - .unwrap() - .into(); + let crl = CertRevocationList::from(BorrowedCertRevocationList::from_der(&crl[..]).unwrap()); // Friday, February 2, 2024 8:26:19 PM GMT let time = UnixTime::since_unix_epoch(Duration::from_secs(1_706_905_579)); @@ -1267,9 +1261,7 @@ mod tests { #[test] fn test_crl_not_expired() { let crl = include_bytes!("../../tests/crls/crl.valid.der"); - let crl: CertRevocationList = BorrowedCertRevocationList::from_der(&crl[..]) - .unwrap() - .into(); + let crl = CertRevocationList::from(BorrowedCertRevocationList::from_der(&crl[..]).unwrap()); // Wednesday, October 19, 2022 8:12:06 PM GMT let expiration_time = 1_666_210_326; let time = UnixTime::since_unix_epoch(Duration::from_secs(expiration_time - 1000)); diff --git a/src/der.rs b/src/der.rs index 0536cc92..977d54e5 100644 --- a/src/der.rs +++ b/src/der.rs @@ -364,7 +364,7 @@ impl<'a> BitStringFlags<'a> { // // [0]: https://security.stackexchange.com/a/10396 // [1]: https://www.itu.int/ITU-T/studygroups/com17/languages/X.690-0207.pdf -pub(crate) fn bit_string_flags(input: untrusted::Input) -> Result, Error> { +pub(crate) fn bit_string_flags(input: untrusted::Input<'_>) -> Result, Error> { input.read_all(Error::BadDer, |bit_string| { // ITU X690-0207 11.2: // "The initial octet shall encode, as an unsigned binary integer with bit 1 as the least @@ -586,7 +586,7 @@ mod tests { ); } - fn bytes_reader(bytes: &[u8]) -> untrusted::Reader { + fn bytes_reader(bytes: &[u8]) -> untrusted::Reader<'_> { return untrusted::Reader::new(untrusted::Input::from(bytes)); } diff --git a/src/end_entity.rs b/src/end_entity.rs index 58666063..d145c289 100644 --- a/src/end_entity.rs +++ b/src/end_entity.rs @@ -101,7 +101,7 @@ impl<'a> EndEntityCert<'a> { pub fn verify_for_usage<'p>( &'p self, supported_sig_algs: &[&dyn SignatureVerificationAlgorithm], - trust_anchors: &'p [TrustAnchor], + trust_anchors: &'p [TrustAnchor<'_>], intermediate_certs: &'p [CertificateDer<'p>], time: UnixTime, usage: KeyUsage, diff --git a/src/error.rs b/src/error.rs index c43d9511..ab762c64 100644 --- a/src/error.rs +++ b/src/error.rs @@ -292,7 +292,7 @@ impl From for ControlFlow { } impl fmt::Display for Error { - fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result { + fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { write!(f, "{:?}", self) } } diff --git a/src/lib.rs b/src/lib.rs index a22883eb..512cf9d9 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -27,7 +27,7 @@ //! | `aws_lc_rs` | Enable use of the aws-lc-rs crate for cryptography. | #![no_std] -#![warn(unreachable_pub)] +#![warn(elided_lifetimes_in_paths, unreachable_pub)] #![deny(missing_docs, clippy::as_conversions)] #![allow( clippy::len_without_is_empty, @@ -35,7 +35,8 @@ clippy::single_match, clippy::single_match_else, clippy::type_complexity, - clippy::upper_case_acronyms + clippy::upper_case_acronyms, + clippy::use_self )] // Enable documentation for all features on docs.rs #![cfg_attr(docsrs, feature(doc_cfg, doc_auto_cfg))] diff --git a/src/signed_data.rs b/src/signed_data.rs index b277650e..764e949f 100644 --- a/src/signed_data.rs +++ b/src/signed_data.rs @@ -155,8 +155,8 @@ impl<'a> SignedData<'a> { /// linearly for matches. pub(crate) fn verify_signed_data( supported_algorithms: &[&dyn SignatureVerificationAlgorithm], - spki_value: untrusted::Input, - signed_data: &SignedData, + spki_value: untrusted::Input<'_>, + signed_data: &SignedData<'_>, budget: &mut Budget, ) -> Result<(), Error> { budget.consume_signature()?; @@ -210,11 +210,11 @@ pub(crate) fn verify_signed_data( pub(crate) fn verify_signature( signature_alg: &dyn SignatureVerificationAlgorithm, - spki_value: untrusted::Input, - msg: untrusted::Input, - signature: untrusted::Input, + spki_value: untrusted::Input<'_>, + msg: untrusted::Input<'_>, + signature: untrusted::Input<'_>, ) -> Result<(), Error> { - let spki = der::read_all::(spki_value)?; + let spki = der::read_all::>(spki_value)?; if signature_alg.public_key_alg_id().as_ref() != spki.algorithm_id_value.as_slice_less_safe() { return Err(Error::UnsupportedSignatureAlgorithmForPublicKey); } diff --git a/src/subject_name/dns_name.rs b/src/subject_name/dns_name.rs index 5bf61274..c71555c7 100644 --- a/src/subject_name/dns_name.rs +++ b/src/subject_name/dns_name.rs @@ -84,7 +84,7 @@ impl<'a> WildcardDnsNameRef<'a> { } impl core::fmt::Debug for WildcardDnsNameRef<'_> { - fn fmt(&self, f: &mut core::fmt::Formatter) -> Result<(), core::fmt::Error> { + fn fmt(&self, f: &mut core::fmt::Formatter<'_>) -> Result<(), core::fmt::Error> { f.write_str("WildcardDnsNameRef(\"")?; // Convert each byte of the underlying ASCII string to a `char` and @@ -215,9 +215,9 @@ impl core::fmt::Debug for WildcardDnsNameRef<'_> { // incorporated into the spec: // https://www.ietf.org/mail-archive/web/pkix/current/msg21192.html pub(super) fn presented_id_matches_reference_id( - presented_dns_id: untrusted::Input, + presented_dns_id: untrusted::Input<'_>, reference_dns_id_role: IdRole, - reference_dns_id: untrusted::Input, + reference_dns_id: untrusted::Input<'_>, ) -> Result { if !is_valid_dns_id(presented_dns_id, IdRole::Presented, Wildcards::Allow) { return Err(Error::MalformedDnsIdentifier); @@ -377,7 +377,7 @@ pub(super) enum IdRole { // https://bugzilla.mozilla.org/show_bug.cgi?id=1136616: As an exception to the // requirement above, underscores are also allowed in names for compatibility. fn is_valid_dns_id( - hostname: untrusted::Input, + hostname: untrusted::Input<'_>, id_role: IdRole, allow_wildcards: Wildcards, ) -> bool { diff --git a/src/subject_name/ip_address.rs b/src/subject_name/ip_address.rs index b1f84acf..428c28fe 100644 --- a/src/subject_name/ip_address.rs +++ b/src/subject_name/ip_address.rs @@ -55,8 +55,8 @@ pub(crate) fn verify_ip_address_names( // exactly four octets. For IP version 6, as specified in // [RFC2460], the octet string MUST contain exactly sixteen octets. fn presented_id_matches_reference_id( - presented_id: untrusted::Input, - reference_id: untrusted::Input, + presented_id: untrusted::Input<'_>, + reference_id: untrusted::Input<'_>, ) -> bool { match (presented_id.len(), reference_id.len()) { (4, 4) => (), @@ -89,8 +89,8 @@ fn presented_id_matches_reference_id( // octets C0 00 02 00 FF FF FF 00, representing the CIDR notation // 192.0.2.0/24 (mask 255.255.255.0). pub(super) fn presented_id_matches_constraint( - name: untrusted::Input, - constraint: untrusted::Input, + name: untrusted::Input<'_>, + constraint: untrusted::Input<'_>, ) -> Result { match (name.len(), constraint.len()) { (4, 8) => (), diff --git a/src/subject_name/verify.rs b/src/subject_name/verify.rs index 03647a00..17b178e1 100644 --- a/src/subject_name/verify.rs +++ b/src/subject_name/verify.rs @@ -20,7 +20,7 @@ use crate::verify_cert::{Budget, PathNode}; // https://tools.ietf.org/html/rfc5280#section-4.2.1.10 pub(crate) fn check_name_constraints( - constraints: Option<&mut untrusted::Reader>, + constraints: Option<&mut untrusted::Reader<'_>>, path: &PathNode<'_>, budget: &mut Budget, ) -> Result<(), Error> { @@ -67,9 +67,9 @@ pub(crate) fn check_name_constraints( } fn check_presented_id_conforms_to_constraints( - name: GeneralName, - permitted_subtrees: Option, - excluded_subtrees: Option, + name: GeneralName<'_>, + permitted_subtrees: Option>, + excluded_subtrees: Option>, budget: &mut Budget, ) -> Option> { let subtrees = [ diff --git a/src/time.rs b/src/time.rs index 352926bb..f96aeb62 100644 --- a/src/time.rs +++ b/src/time.rs @@ -30,7 +30,7 @@ impl<'a> FromDer<'a> for UnixTime { Tag::GeneralizedTime }; - fn read_digit(inner: &mut untrusted::Reader) -> Result { + fn read_digit(inner: &mut untrusted::Reader<'_>) -> Result { const DIGIT: core::ops::RangeInclusive = b'0'..=b'9'; let b = inner.read_byte().map_err(|_| Error::BadDerTime)?; if DIGIT.contains(&b) { @@ -40,7 +40,7 @@ impl<'a> FromDer<'a> for UnixTime { } fn read_two_digits( - inner: &mut untrusted::Reader, + inner: &mut untrusted::Reader<'_>, min: u64, max: u64, ) -> Result { diff --git a/src/trust_anchor.rs b/src/trust_anchor.rs index b5e18d7b..c2320f1e 100644 --- a/src/trust_anchor.rs +++ b/src/trust_anchor.rs @@ -98,6 +98,6 @@ impl<'a> From> for TrustAnchor<'a> { } } -fn skip(input: &mut untrusted::Reader, tag: der::Tag) -> Result<(), Error> { +fn skip(input: &mut untrusted::Reader<'_>, tag: der::Tag) -> Result<(), Error> { der::expect_tag(input, tag).map(|_| ()) } diff --git a/src/verify_cert.rs b/src/verify_cert.rs index 3063eb7d..28653071 100644 --- a/src/verify_cert.rs +++ b/src/verify_cert.rs @@ -61,10 +61,8 @@ impl<'a, 'p: 'a> ChainOptions<'a, 'p> { // TODO: HPKP checks. - let result = loop_while_non_fatal_error( - Error::UnknownIssuer, - self.trust_anchors, - |trust_anchor: &TrustAnchor| { + let result = + loop_while_non_fatal_error(Error::UnknownIssuer, self.trust_anchors, |trust_anchor| { let trust_anchor_subject = untrusted::Input::from(trust_anchor.subject.as_ref()); if !public_values_eq(path.head().issuer, trust_anchor_subject) { return Err(Error::UnknownIssuer.into()); @@ -91,8 +89,7 @@ impl<'a, 'p: 'a> ChainOptions<'a, 'p> { Ok(()) => Ok(trust_anchor), Err(err) => Err(ControlFlow::Continue(err)), } - }, - ); + }); let err = match result { Ok(anchor) => return Ok(anchor), @@ -138,7 +135,7 @@ impl<'a, 'p: 'a> ChainOptions<'a, 'p> { &self, path: &PathNode<'_>, time: UnixTime, - trust_anchor: &TrustAnchor, + trust_anchor: &TrustAnchor<'_>, budget: &mut Budget, ) -> Result<(), ControlFlow> { let mut spki_value = untrusted::Input::from(trust_anchor.subject_public_key_info.as_ref()); @@ -270,7 +267,7 @@ impl<'a> AsRef<[Option>]> for Intermediates<'a> { fn check_signed_chain_name_constraints( path: &PathNode<'_>, - trust_anchor: &TrustAnchor, + trust_anchor: &TrustAnchor<'_>, budget: &mut Budget, ) -> Result<(), ControlFlow> { let mut name_constraints = trust_anchor @@ -345,7 +342,7 @@ impl Default for Budget { } fn check_issuer_independent_properties( - cert: &Cert, + cert: &Cert<'_>, time: UnixTime, role: Role, sub_ca_count: usize, @@ -373,7 +370,7 @@ fn check_issuer_independent_properties( } // https://tools.ietf.org/html/rfc5280#section-4.1.2.5 -fn check_validity(input: &mut untrusted::Reader, time: UnixTime) -> Result<(), Error> { +fn check_validity(input: &mut untrusted::Reader<'_>, time: UnixTime) -> Result<(), Error> { let not_before = UnixTime::from_der(input)?; let not_after = UnixTime::from_der(input)?; @@ -396,7 +393,7 @@ fn check_validity(input: &mut untrusted::Reader, time: UnixTime) -> Result<(), E // https://tools.ietf.org/html/rfc5280#section-4.2.1.9 fn check_basic_constraints( - input: Option<&mut untrusted::Reader>, + input: Option<&mut untrusted::Reader<'_>>, role: Role, sub_ca_count: usize, ) -> Result<(), Error> { @@ -484,7 +481,7 @@ enum ExtendedKeyUsage { impl ExtendedKeyUsage { // https://tools.ietf.org/html/rfc5280#section-4.2.1.12 - fn check(&self, input: Option<&mut untrusted::Reader>) -> Result<(), Error> { + fn check(&self, input: Option<&mut untrusted::Reader<'_>>) -> Result<(), Error> { let input = match (input, self) { (Some(input), _) => input, (None, Self::RequiredIfPresent(_)) => return Ok(()), @@ -1041,7 +1038,7 @@ mod tests { let intermediate_certs = intermediate_chain .chain .iter() - .map(|der: &CertificateDer| Cert::from_der(untrusted::Input::from(der)).unwrap()) + .map(|der| Cert::from_der(untrusted::Input::from(der)).unwrap()) .collect::>(); for (cert, expected) in path diff --git a/src/x509.rs b/src/x509.rs index fb9be451..0a6c5283 100644 --- a/src/x509.rs +++ b/src/x509.rs @@ -62,7 +62,7 @@ pub(crate) fn set_extension_once( } pub(crate) fn remember_extension( - extension: &Extension, + extension: &Extension<'_>, mut handler: impl FnMut(u8) -> Result<(), Error>, ) -> Result<(), Error> { // ISO arc for standard certificate and CRL extensions.