iqlusioninc / yubikey.rs

Pure Rust YubiKey host-side driver for PIV-based RSA/ECC key storage + signing/encryption support
BSD 2-Clause "Simplified" License

`Certificate::generate_self_signed` has incorrect error value for extensions closure #580

Open str4d opened 2 months ago

str4d commented 2 months ago

https://github.com/iqlusioninc/yubikey.rs/blob/0a90dc3ca8217d728064cbd23335091976636e46/src/certificate.rs#L109-L112

This closure only allows returning errors of type `der::Error`. However, the closure's sole argument is an `x509_cert::builder::CertificateBuilder`, the methods for which (in particular `CertificateBuilder::add_extension`) all return `x509_cert::builder::Error`. The latter contains `der::Error` as a sub-error, but we can't represent all of the builder's errors in that.

The extensions closure in `Certificate::generate_self_signed` should be changed to return `Result<_, x509_cert::builder::Error>` instead of `der::Result`.
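
A minimal model of the mismatch described in this issue, added here as an illustration and not code from yubikey.rs or x509-cert. `DerError`, `BuilderError`, `Builder`, `generate` and `squash` are simplified stand-ins for the real types and function, and the empty-name failure is constructed.

```rust
// Simplified stand-ins for der::Error and x509_cert::builder::Error (not the real types).
#[derive(Debug, PartialEq)]
pub struct DerError(pub &'static str);
#[derive(Debug, PartialEq)]
pub enum BuilderError { Asn1(DerError), Other(&'static str) } // `Other`: hypothetical non-DER case
impl From<DerError> for BuilderError {
    fn from(e: DerError) -> Self { BuilderError::Asn1(e) }
}

// Hypothetical builder: add_extension fails with the builder's error type.
#[derive(Debug, Default)]
pub struct Builder(Vec<&'static str>);
impl Builder {
    pub fn add_extension(&mut self, name: &'static str) -> Result<(), BuilderError> {
        if name.is_empty() {
            return Err(BuilderError::Other("empty extension name")); // constructed failure
        }
        self.0.push(name);
        Ok(())
    }
}

// Generic over E only so that one function can model both closure signatures.
pub fn generate<E, F>(ext: F) -> Result<Builder, BuilderError>
where
    F: FnOnce(&mut Builder) -> Result<(), E>,
    BuilderError: From<E>,
{
    let mut b = Builder::default();
    ext(&mut b)?;
    Ok(b)
}

// Lossy conversion a caller needs when the closure must return the DER error.
pub fn squash(e: BuilderError) -> DerError {
    match e {
        BuilderError::Asn1(inner) => inner,
        BuilderError::Other(_) => DerError("non-DER builder error"),
    }
}

// Closure returns the DER error (current shape): the original cause is lost.
pub fn current_outcome() -> Option<BuilderError> {
    generate(|b: &mut Builder| b.add_extension("").map_err(squash)).err()
}
// Closure returns the builder error (proposed shape): the cause is preserved.
pub fn proposed_outcome() -> Option<BuilderError> {
    generate(|b: &mut Builder| b.add_extension("")).err()
}
fn main() { println!("{:?}\n{:?}", current_outcome(), proposed_outcome()); }
```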

tony-iqlusion commented 2 months ago

cc @baloo

baloo commented 2 months ago

yeah, the cert builder needs an overhaul.