certs: Adding additional functionality. #206
184de63 to 8eb3d32
/cc @fitzthum (just FYI)
Not against the change, but what's the purpose of making X509 public?
It was originally to provide access to the methods belonging to the X509, but I found a better way around that. Let me know what you think about this approach.
6ed03b0 to 9182254
There's a lot of assumptions we're making about the formatting of the inputs (for instance, an array should be ARK/ASK/VCEK). Documentation for the rustdocs should make this abundantly clear.
Each conversion trait impl should probably outline this.
LGTM!
ASK/ARK/VEK, but yes I agree, it should be made clear for users
- Added in a bunch of additional support for translating between `Certificate`, `openssl::X509`, `ca::Chain`, and `Chain`
- Adding fixes per Tyler's suggestions

Signed-off-by: Larry Dewey <larry.dewey@amd.com>
Changes have been made on the latest commit.
@@ -29,6 +31,77 @@ impl<'a> Verifiable for &'a Chain { | |||
} | |||
} | |||
|
|||
#[cfg(feature = "openssl")] | |||
impl From<(X509, X509)> for Chain { |
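Review bot: On `impl From<(X509, X509)> for Chain`, both tuple elements have the same type, so nothing in the signature tells a caller which position is the ARK and which is the ASK, and a swapped pair compiles cleanly. Please add a rustdoc comment on this impl that states the expected order of the two certificates. Since `From` is infallible it cannot report a pair passed in the wrong order, so the documentation is the only guard here unless the conversion is made fallible.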
I think the ordering of the tuples/arrays/etc should be ARK/ASK rather than ASK/ARK.
I don't disagree. I would like the root key first, as well. However, we need to follow the standard already presented by the AMD Key Distribution Server (KDS) which explicitly returns (ASK, ARK) in PEM format:
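An added example, not code from this PR or the crate: it splits a two-certificate PEM bundle in the (ASK, ARK) order that the comment above attributes to the KDS and returns named fields instead of a tuple, so the order is fixed in one documented place. `CaPems`, `BundleError`, `split_pem`, `parse_kds_chain` and the sample bundle are hypothetical names and constructed data.

```rust
// Added illustration; not code from the crate or this PR.
// Assumption: the bundle holds exactly two PEM certificates, ASK first, ARK second.

const BEGIN: &str = "-----BEGIN CERTIFICATE-----";
const END: &str = "-----END CERTIFICATE-----";

/// Hypothetical named pair: fields instead of tuple positions, so call sites
/// cannot silently swap the two certificates.
#[derive(Debug, PartialEq)]
pub struct CaPems { pub ask: String, pub ark: String }

#[derive(Debug, PartialEq)]
pub enum BundleError { Unterminated, WrongCount(usize) }

/// Split a PEM bundle into its CERTIFICATE blocks, preserving their order.
pub fn split_pem(bundle: &str) -> Result<Vec<String>, BundleError> {
    let mut blocks = Vec::new();
    let mut rest = bundle;
    while let Some(start) = rest.find(BEGIN) {
        let tail = &rest[start..];
        // A BEGIN marker without a matching END is a truncated bundle.
        let end = tail.find(END).ok_or(BundleError::Unterminated)? + END.len();
        blocks.push(tail[..end].to_string());
        rest = &tail[end..];
    }
    Ok(blocks)
}

/// Interpret a two-certificate bundle in (ASK, ARK) order.
pub fn parse_kds_chain(bundle: &str) -> Result<CaPems, BundleError> {
    let mut blocks = split_pem(bundle)?;
    if blocks.len() != 2 {
        return Err(BundleError::WrongCount(blocks.len()));
    }
    let ark = blocks.pop().unwrap(); // second block
    let ask = blocks.pop().unwrap(); // first block
    Ok(CaPems { ask, ark })
}

// Constructed sample: the base64 bodies are placeholders, not real certificates.
pub const SAMPLE: &str = "-----BEGIN CERTIFICATE-----\nQVNLLXBsYWNlaG9sZGVy\n-----END CERTIFICATE-----\n-----BEGIN CERTIFICATE-----\nQVJLLXBsYWNlaG9sZGVy\n-----END CERTIFICATE-----\n";

fn main() {
    let pems = parse_kds_chain(SAMPLE).expect("two certificates");
    println!("ASK:\n{}\nARK:\n{}", pems.ask, pems.ark);
}
```

Position alone does not prove which certificate is the root; this only pins down the convention at the parsing boundary.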