55 lines
1.7 KiB
Diff
55 lines
1.7 KiB
Diff
diff --git a/src/x509/mod.rs b/src/x509/mod.rs
|
|
index edd54aa..45f2467 100644
|
|
--- a/src/x509/mod.rs
|
|
+++ b/src/x509/mod.rs
|
|
@@ -353,6 +353,19 @@ impl X509Builder {
|
|
unsafe { cvt(ffi::X509_sign(self.0.as_ptr(), key.as_ptr(), hash.as_ptr())).map(|_| ()) }
|
|
}
|
|
|
|
+ /// Signs the certificate with a private key but without a digest.
|
|
+ ///
|
|
+ /// This is the only way to sign with Ed25519 keys as BoringSSL doesn't support the null
|
|
+ /// message digest.
|
|
+ #[cfg(boringssl)]
|
|
+ #[corresponds(X509_sign)]
|
|
+ pub fn sign_without_digest<T>(&mut self, key: &PKeyRef<T>) -> Result<(), ErrorStack>
|
|
+ where
|
|
+ T: HasPrivate,
|
|
+ {
|
|
+ unsafe { cvt(ffi::X509_sign(self.0.as_ptr(), key.as_ptr(), ptr::null())).map(|_| ()) }
|
|
+ }
|
|
+
|
|
/// Consumes the builder, returning the certificate.
|
|
pub fn build(self) -> X509 {
|
|
self.0
|
|
@@ -1260,6 +1273,29 @@ impl X509ReqBuilder {
|
|
}
|
|
}
|
|
|
|
+ /// Sign the request using a private key without a digest.
|
|
+ ///
|
|
+ /// This is the only way to sign with Ed25519 keys as BoringSSL doesn't support the null
|
|
+ /// message digest.
|
|
+ ///
|
|
+ /// This corresponds to [`X509_REQ_sign`].
|
|
+ ///
|
|
+ /// [`X509_REQ_sign`]: https://www.openssl.org/docs/man1.1.0/crypto/X509_REQ_sign.html
|
|
+ #[cfg(boringssl)]
|
|
+ pub fn sign_without_digest<T>(&mut self, key: &PKeyRef<T>) -> Result<(), ErrorStack>
|
|
+ where
|
|
+ T: HasPrivate,
|
|
+ {
|
|
+ unsafe {
|
|
+ cvt(ffi::X509_REQ_sign(
|
|
+ self.0.as_ptr(),
|
|
+ key.as_ptr(),
|
|
+ ptr::null(),
|
|
+ ))
|
|
+ .map(|_| ())
|
|
+ }
|
|
+ }
|
|
+
|
|
/// Returns the `X509Req`.
|
|
pub fn build(self) -> X509Req {
|
|
self.0
|