X509Builder::append_extension2 -> X509Builder::append_extension

Author: rushilmehra

boring/examples/mk_certs.rs

@@ -43,18 +43,19 @@ fn mk_ca_cert() -> Result<(X509, PKey<Private>), ErrorStack> {
     let not_after = Asn1Time::days_from_now(365)?;
     cert_builder.set_not_after(&not_after)?;
 
-    cert_builder.append_extension(BasicConstraints::new().critical().ca().build()?)?;
+    cert_builder.append_extension(BasicConstraints::new().critical().ca().build()?.as_ref())?;
     cert_builder.append_extension(
         KeyUsage::new()
             .critical()
             .key_cert_sign()
             .crl_sign()
-            .build()?,
+            .build()?
+            .as_ref(),
     )?;
 
     let subject_key_identifier =
         SubjectKeyIdentifier::new().build(&cert_builder.x509v3_context(None, None))?;
-    cert_builder.append_extension(subject_key_identifier)?;
+    cert_builder.append_extension(&subject_key_identifier)?;
 
     cert_builder.sign(&privkey, MessageDigest::sha256())?;
     let cert = cert_builder.build();
@@ -106,32 +107,33 @@ fn mk_ca_signed_cert(
     let not_after = Asn1Time::days_from_now(365)?;
     cert_builder.set_not_after(&not_after)?;
 
-    cert_builder.append_extension(BasicConstraints::new().build()?)?;
+    cert_builder.append_extension(BasicConstraints::new().build()?.as_ref())?;
 
     cert_builder.append_extension(
         KeyUsage::new()
             .critical()
             .non_repudiation()
             .digital_signature()
             .key_encipherment()
-            .build()?,
+            .build()?
+            .as_ref(),
     )?;
 
     let subject_key_identifier =
         SubjectKeyIdentifier::new().build(&cert_builder.x509v3_context(Some(ca_cert), None))?;
-    cert_builder.append_extension(subject_key_identifier)?;
+    cert_builder.append_extension(&subject_key_identifier)?;
 
     let auth_key_identifier = AuthorityKeyIdentifier::new()
         .keyid(false)
         .issuer(false)
         .build(&cert_builder.x509v3_context(Some(ca_cert), None))?;
-    cert_builder.append_extension(auth_key_identifier)?;
+    cert_builder.append_extension(&auth_key_identifier)?;
 
     let subject_alt_name = SubjectAlternativeName::new()
         .dns("*.example.com")
         .dns("hello.com")
         .build(&cert_builder.x509v3_context(Some(ca_cert), None))?;
-    cert_builder.append_extension(subject_alt_name)?;
+    cert_builder.append_extension(&subject_alt_name)?;
 
     cert_builder.sign(ca_privkey, MessageDigest::sha256())?;
     let cert = cert_builder.build();

boring/src/pkcs12.rs

@@ -260,7 +260,7 @@ mod test {
             .unwrap();
         builder.set_subject_name(&name).unwrap();
         builder.set_issuer_name(&name).unwrap();
-        builder.append_extension(key_usage).unwrap();
+        builder.append_extension(&key_usage).unwrap();
         builder.set_pubkey(&pkey).unwrap();
         builder.sign(&pkey, MessageDigest::sha256()).unwrap();
         let cert = builder.build();

boring/src/x509/mod.rs

@@ -484,16 +484,9 @@ impl X509Builder {
         }
     }
 
-    /// Adds an X509 extension value to the certificate.
-    ///
-    /// This works just as `append_extension` except it takes ownership of the `X509Extension`.
-    pub fn append_extension(&mut self, extension: X509Extension) -> Result<(), ErrorStack> {
-        self.append_extension2(&extension)
-    }
-
     /// Adds an X509 extension value to the certificate.
     #[corresponds(X509_add_ext)]
-    pub fn append_extension2(&mut self, extension: &X509ExtensionRef) -> Result<(), ErrorStack> {
+    pub fn append_extension(&mut self, extension: &X509ExtensionRef) -> Result<(), ErrorStack> {
         unsafe {
             cvt(ffi::X509_add_ext(self.0.as_ptr(), extension.as_ptr(), -1))?;
             Ok(())

boring/src/x509/tests/mod.rs

@@ -250,34 +250,36 @@ fn x509_builder() {
         .unwrap();
 
     let basic_constraints = BasicConstraints::new().critical().ca().build().unwrap();
-    builder.append_extension(basic_constraints).unwrap();
+    builder
+        .append_extension(basic_constraints.as_ref())
+        .unwrap();
     let key_usage = KeyUsage::new()
         .digital_signature()
         .key_encipherment()
         .build()
         .unwrap();
-    builder.append_extension(key_usage).unwrap();
+    builder.append_extension(&key_usage).unwrap();
     let ext_key_usage = ExtendedKeyUsage::new()
         .client_auth()
         .server_auth()
         .other("2.999.1")
         .build()
         .unwrap();
-    builder.append_extension(ext_key_usage).unwrap();
+    builder.append_extension(&ext_key_usage).unwrap();
     let subject_key_identifier = SubjectKeyIdentifier::new()
         .build(&builder.x509v3_context(None, None))
         .unwrap();
-    builder.append_extension(subject_key_identifier).unwrap();
+    builder.append_extension(&subject_key_identifier).unwrap();
     let authority_key_identifier = AuthorityKeyIdentifier::new()
         .keyid(true)
         .build(&builder.x509v3_context(None, None))
         .unwrap();
-    builder.append_extension(authority_key_identifier).unwrap();
+    builder.append_extension(&authority_key_identifier).unwrap();
     let subject_alternative_name = SubjectAlternativeName::new()
         .dns("example.com")
         .build(&builder.x509v3_context(None, None))
         .unwrap();
-    builder.append_extension(subject_alternative_name).unwrap();
+    builder.append_extension(&subject_alternative_name).unwrap();
 
     builder.sign(&pkey, MessageDigest::sha256()).unwrap();