oxidecomputer / pki-playground

Tool for generating non-trivial X.509 certificate chains
Mozilla Public License 2.0

Add extended key usage #4

Closed garthy closed 1 year ago

garthy commented 1 year ago

Fixes https://github.com/oxidecomputer/pki-playground/issues/3

This currently doesn't actually work and seems to fail if I add this to a cert

See https://github.com/oxidecomputer/pki-playground/pull/4/commits/acf2550546f3fd6301bdebc5386bec156e7c45b8#diff-33af558753e6a6c431cf99fd8f11fb026226a5f6767c6e782749259c5d993f1e

Error: 
  × signing cert
  ╰─▶ message too long

garthy commented 1 year ago

Urgh, sorry about formatting. So happy to get it to compile that I have forgotten to configure local IDE/tools to fmt.

mx-shift commented 1 year ago

This does compile and appear to generate a correct certificate w/ the Extended Key Usage extension for me. In fact, adding an extension can't cause signing to fail as only a SHA-256 of the TbsCertificate is signed. That failure is most likely an unrelated bug. What platform are you using and does current main branch fail in the same way? If so, please file another bug.

mx-shift commented 1 year ago

No worries. Can clean it up in a follow-up PR.

On Wed, Dec 14, 2022, 9:04 AM Garth Bushell @.***> wrote:

@.**** commented on this pull request.

In src/lib.rs https://github.com/oxidecomputer/pki-playground/pull/4#discussion_r1048735407 :

  • }
  • fn is_critical(&self) -> bool {
  • self.is_critical
  • }
  • fn as_der(&self) -> &[u8] {
  • &self.der
  • } +}
  • +impl ExtendedKeyUsageExtension {

  • pub(crate) fn from_config(config: &config::ExtendedKeyUsageExtension ) -> Result {
  • let mut der = Vec::new();
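Review bot: in `from_config`, the visible lines start from an empty `Vec` for `der`, and `as_der` above returns those bytes unchanged, so whatever this function builds is embedded in the certificate with no later check. The quoted hunk is cut off after `let mut der = Vec::new();`, so the encoding itself cannot be reviewed here; it would help to reject a configuration with no key purposes (RFC 5280 defines ExtKeyUsageSyntax as SEQUENCE SIZE (1..MAX)) and to add a unit test that decodes the returned DER and checks the purpose OIDs and the `is_critical` flag.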

I totally forgot to do this!

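For reference, this is what an Extended Key Usage extension of the kind this PR adds looks like on the wire. It is an added example, not code from the pull request or from pki-playground: a dependency-free DER encoder following RFC 5280, section 4.2.1.12. The function names (`tlv`, `base128`, `oid`, `eku_extension`) and the serverAuth/clientAuth sample are assumptions, and the PR's `from_config` may build its DER differently.

```rust
// Added example, hypothetical names: hand-rolled DER for an Extended Key Usage extension.
/// Wrap `content` in a DER tag-length-value with a definite length.
fn tlv(tag: u8, content: &[u8]) -> Vec<u8> {
    let mut out = vec![tag];
    let n = content.len();
    if n < 0x80 {
        out.push(n as u8); // short form
    } else {
        let be: Vec<u8> = n.to_be_bytes().iter().skip_while(|b| **b == 0).cloned().collect();
        out.push(0x80 | be.len() as u8); // long form: count, then big-endian length
        out.extend(be);
    }
    out.extend_from_slice(content);
    out
}

/// Base-128 encoding of one OID component, high bit set on all but the last byte.
fn base128(mut v: u64) -> Vec<u8> {
    let mut out = vec![(v & 0x7f) as u8];
    while v > 0x7f {
        v >>= 7;
        out.push((v & 0x7f) as u8 | 0x80);
    }
    out.into_iter().rev().collect()
}

/// OBJECT IDENTIFIER from its arcs; the first two arcs share one component.
fn oid(arcs: &[u64]) -> Vec<u8> {
    let mut body = base128(arcs[0] * 40 + arcs[1]);
    for &arc in &arcs[2..] {
        body.extend(base128(arc));
    }
    tlv(0x06, &body)
}

/// Extension ::= SEQUENCE { extnID, critical DEFAULT FALSE, extnValue OCTET STRING }
fn eku_extension(purposes: &[&[u64]], critical: bool) -> Vec<u8> {
    let ids: Vec<u8> = purposes.iter().flat_map(|&p| oid(p)).collect();
    let mut ext = oid(&[2, 5, 29, 37]); // id-ce-extKeyUsage
    if critical {
        ext.extend(tlv(0x01, &[0xff])); // DER omits the FALSE default
    }
    ext.extend(tlv(0x04, &tlv(0x30, &ids))); // OCTET STRING { SEQUENCE OF OID }
    tlv(0x30, &ext)
}

fn main() {
    let kp: [&[u64]; 2] = [&[1, 3, 6, 1, 5, 5, 7, 3, 1], &[1, 3, 6, 1, 5, 5, 7, 3, 2]];
    println!("{:02x?}", eku_extension(&kp, false)); // serverAuth + clientAuth
}
```

The non-critical encoding is 31 bytes; setting `critical` adds the three-byte `01 01 ff` BOOLEAN between the extension OID and the OCTET STRING.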