You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
In webpki-roots we want to be able to codegen constant CertificateDer entries to support the use-case where trusted CA roots in full self-signed certificate form (as opposed to the minimal webpkiTrustAnchor representation) are required, for example when working with a platform verifier that consumes x509 trust anchors (See rustls/webpki-roots#75).
While there is a const friendly way to create pki_types::Der with Der::from_slice() there's presently no const friendly way to create a CertificateDer in a similar manner. This branch adds const CertificateDer::from_slice() for this purpose. We skip requiring the Der::from_slice() and accept a &[u8] directly since the CertificateDer name already emphasizes the expected format and there's limited value in making callers jump through the extra Der::from_slice() hoop.
There are other types that wrap Der<'_> (e.g. the PrivateKeyDer variants, CertificateRevocationListDer, etc) but for now I've omitted adding similar from_slice() const constructors for these types until there's a concrete need in-hand.
The main question in my mind is whether this should take Der or just take &[u8] directly. I don't remember why I/we made Der a public type, but I don't feel there is much to be gained from making the extra intermediate step in this case?
The main question in my mind is whether this should take Der or just take &[u8] directly. I don't remember why I/we made Der a public type, but I don't feel there is much to be gained from making the extra intermediate step in this case?
That's a fair point. Given "Der" is in the outer type name already I would be in favour of changing it to take a slice directly. I'll adjust.
This commit adds the ability to construct a `const CertificateDer` by
way of the `const`-friendly `CertificateDer::from_slice()` fn that
accepts a slice of `&[u8]` DER.
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
cpu
changed the title
In
webpki-rootswe want to be able to codegen constantCertificateDerentries to support the use-case where trusted CA roots in full self-signed certificate form (as opposed to the minimalwebpkiTrustAnchorrepresentation) are required, for example when working with a platform verifier that consumes x509 trust anchors (See rustls/webpki-roots#75).While there is a
constfriendly way to createpki_types::DerwithDer::from_slice()there's presently noconstfriendly way to create aCertificateDerin a similar manner. This branch addsconst CertificateDer::from_slice()for this purpose. We skip requiring theDer::from_slice()and accept a&[u8]directly since theCertificateDername already emphasizes the expected format and there's limited value in making callers jump through the extraDer::from_slice()hoop.There are other types that wrap
Der<'_>(e.g. thePrivateKeyDervariants,CertificateRevocationListDer, etc) but for now I've omitted adding similarfrom_slice()const constructors for these types until there's a concrete need in-hand.