haskell-cryptography / HsOpenSSL

OpenSSL binding for Haskell
http://hackage.haskell.org/package/HsOpenSSL
Creative Commons Zero v1.0 Universal

Added generic functionality for adding extensions to X509 #87

Closed: ishan-rep closed 3 months ago

ishan-rep commented 8 months ago

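Tested this with a basic script (where the server was verifying the extensions below) and this works.

```haskell
import Data.Time.Clock (addUTCTime, getCurrentTime)
import OpenSSL.PEM (readX509Req)
import OpenSSL.X509
import OpenSSL.X509.Request (makeX509FromReq)

-- getIssuerCert is not shown in this snippet; it must be defined elsewhere.
getCertUnsigned :: IO X509
getCertUnsigned = do
  deviceCSR <- readFile "new_csr.pem"
  x509Object <- readX509Req deviceCSR
  issuerCert <- getIssuerCert
  x509Cert <- makeX509FromReq x509Object issuerCert
  setSerialNumber x509Cert 112312
  now <- getCurrentTime
  setNotBefore x509Cert $ addUTCTime (-100) now
  setNotAfter x509Cert $ addUTCTime (365 * 24 * 60 * 60) now
  -- The integer argument is the numeric OpenSSL NID of the extension to add.
  addExtensionToX509 x509Cert 87 "CA:FALSE"
  addExtensionToX509 x509Cert 83 "digitalSignature, keyEncipherment"
  addExtensionToX509 x509Cert 85 "serverAuth, clientAuth"
  pure x509Cert
```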

ishan-rep commented 8 months ago

@vshabanov Can you review this change? Let me know if anything is not clear.

vshabanov commented 3 months ago

Thank you. It's now available in HsOpenSSL-0.11.7.7