Open KtorZ opened 5 years ago
Switched from ip
to foundation
and defined a custom data IP
to unify both Foundation.Network.IPv4
and Foundation.Network.IPv6
:+1:
I can understand the need for higher-level type but moving away from the ASN.1 definition also has downside. It increases the risk of parse failure.
If ever needed I implemented the reverse approach where content is kept as bytestring and parsed only in x509-validation.
Also in the Name Constraints extension, the same GeneralName datatype is used but with different content. The bytestring is the concatenation of address and mask.
Hey! I am not sure to understand your point :thinking_face: ?
The encoding for IP addresses of x509 certs is well-defined through RFC so there's not much freedom given to developers when it comes to specifying an IP SAN.
This PR removes the hassle of doing the encoding ourselves.
This leaves the encoding / decoding of the IP address to the x509 library. This encoding is quite specific for x509 and there's no reason why the caller wouldn't like to leverage a higher-level type here.
Note, I've tested it in a different commit by exposing the
ipFromBS
andipToBS
constructors:Though, I am not sure you want to expose those as part of the main
Data.X509
API (sinceData.X509.Internal
isn't exposed).Let me know.