Merge pull request #87 from ishan-rep/add-extension-to-cert
Added generic functionality for adding extensions to X509
vshabanov authored Jun 11, 2024
2 parents 66089b9 + 61c5ec3 commit 7021043
Showing 3 changed files with 26 additions and 4 deletions.
2 changes: 1 addition & 1 deletion OpenSSL/X509.hsc
@@ -5,7 +5,7 @@
-- |An interface to X.509 certificate.
module OpenSSL.X509
( -- * Type
X509
X509(..)
, X509_

-- * Functions to manipulate certificate
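Review bot: Exporting `X509(..)` makes the ForeignPtr-wrapping constructor part of the public API, so any importer can now wrap an arbitrary pointer as an `X509` or pull the raw pointer out without the module's lifetime handling. The only visible consumer is `addExtensionToX509` in OpenSSL/X509/Request.hs, which pattern-matches on `Cert.X509`. If the module's pointer accessor `withX509Ptr` is exported here (not visible in this hunk), that function can be written as `Cert.withX509Ptr cert $ \certPtr -> ...` and the export can stay `X509`. If the constructor really must be exported, a comment on the export line marking it as internal would at least warn downstream users.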
22 changes: 22 additions & 0 deletions OpenSSL/X509/Request.hs
@@ -32,6 +32,7 @@ module OpenSSL.X509.Request
, setPublicKey

, addExtensions
, addExtensionToX509
)
where

@@ -100,6 +101,8 @@ foreign import capi unsafe "openssl/x509v3.h X509V3_EXT_nconf_nid"
foreign import capi unsafe "openssl/x509.h X509_REQ_add_extensions"
_req_add_extensions :: Ptr X509_REQ -> Ptr STACK -> IO CInt

foreign import capi unsafe "openssl/x509.h X509_add_ext"
_X509_add_ext :: Ptr Cert.X509_ -> Ptr X509_EXT -> CInt -> IO CInt

-- |@'newX509Req'@ creates an empty certificate request. You must set
-- the following properties to and sign it (see 'signX509Req') to
@@ -296,3 +299,22 @@ makeX509FromReq req caCert
Cert.setPublicKey cert =<< getPublicKey req

return cert

-- Add Extensions to certificate (when Server accepting certs requires it)
-- e.g. :
-- addExtensionToX509 cert1 87 "CA:FALSE"
-- addExtensionToX509 cert1 85 "critical,serverAuth, clientAuth" - when this extension field is critical

addExtensionToX509 :: X509 -> Int -> String -> IO Bool
addExtensionToX509 (Cert.X509 certFPtr) nid value = do
-- Context and config pointers are set to nullPtr for simplicity.
-- Depending on your use case, you might need to provide actual values.
result <- withForeignPtr certFPtr $ \certPtr ->
withCString value $ \cValue -> do
extPtr <- _ext_create nullPtr nullPtr (fromIntegral nid) cValue
if extPtr /= nullPtr
then do
res <- _X509_add_ext certPtr extPtr (-1) -- Add to the end
return (res == 0)
else return False
return result
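Review bot: The success test in `addExtensionToX509` looks inverted: OpenSSL's `X509_add_ext` returns 1 on success and 0 on failure, so `return (res == 0)` yields True exactly when the extension was not added. A caller trusting the Bool could then issue a certificate without the constraint it asked for (e.g. `CA:FALSE`); the line should read `return (res == 1)`. As far as I know `X509_add_ext` stores a copy of the extension, so `extPtr` is never released; importing `X509_EXTENSION_free` and calling it after the add would close that leak. The leading comment should become a Haddock `-- |` block that states what True means and that `nid` is a raw OpenSSL NID. The second example's 85 appears to be subjectAltName rather than extended key usage, so it is worth checking.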
6 changes: 3 additions & 3 deletions examples/HelloWorld.hs
@@ -15,9 +15,9 @@ import Text.Printf


main = withOpenSSL $
do putStrLn "cipher: DES-CBC"
des <- liftM fromJust $ getCipherByName "DES-CBC"

do putStrLn "cipher: DES3"
des <- liftM fromJust $ getCipherByName "DES3"
putStrLn "generating RSA keypair..."
rsa <- generateRSAKey 512 65537 Nothing

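Review bot: The replacement line `getCipherByName "DES3"` still teaches a legacy 64-bit-block cipher in the example users are most likely to copy, and `fromJust` turns an unavailable cipher into an opaque crash. If the rest of the example (outside this hunk) does not depend on DES, prefer `getCipherByName "AES-256-CBC"`, rename `des` accordingly, and handle `Nothing` with a clear error message. The unchanged `generateRSAKey 512 65537 Nothing` line is likewise far too small for anything but a demo and deserves a comment saying so.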
