fixup! Allow multiple issuer items of the same kind

da-kami · da-kami · commit 2e18fbb7b8fe · 2025-01-21T17:56:56.000+11:00
diff --git a/rcgen/src/certificate.rs b/rcgen/src/certificate.rs
@@ -608,7 +608,7 @@ impl CertificateParams {
 		let der = subject_key.sign_der(|writer| {
 			// Write version
 			writer.next().write_u8(0);
-			write_distinguished_name(writer.next(), distinguished_name.clone());
+			write_distinguished_name(writer.next(), distinguished_name);
 			serialize_public_key_der(subject_key, writer.next());
 
 			// According to the spec in RFC 2986, even if attributes are empty we need the empty attribute tag
@@ -670,7 +670,7 @@ impl CertificateParams {
 			// Write signature algorithm
 			issuer.key_pair.alg.write_alg_ident(writer.next());
 			// Write issuer name
-			write_distinguished_name(writer.next(), issuer.distinguished_name.clone());
+			write_distinguished_name(writer.next(), issuer.distinguished_name);
 			// Write validity
 			writer.next().write_sequence(|writer| {
 				// Not before
@@ -680,7 +680,7 @@ impl CertificateParams {
 				Ok::<(), Error>(())
 			})?;
 			// Write subject
-			write_distinguished_name(writer.next(), self.distinguished_name.clone());
+			write_distinguished_name(writer.next(), &self.distinguished_name);
 			// Write subjectPublicKeyInfo
 			serialize_public_key_der(pub_key, writer.next());
 			// write extensions
@@ -869,7 +869,7 @@ fn write_general_subtrees(writer: DERWriter, tag: u64, general_subtrees: &[Gener
 								GeneralSubtree::Rfc822Name(name)
 								| GeneralSubtree::DnsName(name) => writer.write_ia5_string(name),
 								GeneralSubtree::DirectoryName(name) => {
-									write_distinguished_name(writer, name.clone())
+									write_distinguished_name(writer, name)
 								},
 								GeneralSubtree::IpAddress(subnet) => {
 									writer.write_bytes(&subnet.to_bytes())
diff --git a/rcgen/src/crl.rs b/rcgen/src/crl.rs
@@ -234,7 +234,7 @@ impl CertificateRevocationListParams {
 			// Write issuer.
 			// RFC 5280 §5.1.2.3:
 			//   The issuer field MUST contain a non-empty X.500 distinguished name (DN).
-			write_distinguished_name(writer.next(), issuer.distinguished_name.clone());
+			write_distinguished_name(writer.next(), issuer.distinguished_name);
 
 			// Write thisUpdate date.
 			// RFC 5280 §5.1.2.4:
diff --git a/rcgen/src/lib.rs b/rcgen/src/lib.rs
@@ -338,10 +338,10 @@ impl DistinguishedName {
 		self.entries.push((ty, s.into()));
 	}
 
-	/// Replaces the *fist occurrence* of a type with a new value.
+	/// Replaces the *first occurrence* of a type with a new value.
 	/// This is a convenience function to avoid duplicating values.
 	///
-	/// If there are multiple occurrences of a type there is currently no way of changing the besides iterating over the types and values of an existing instance and creating a new instance.
+	/// If there are multiple occurrences of a type there is currently no way of changing them besides iterating over the types and values of an existing instance and creating a new instance.
 	///
 	/// ```
 	/// # use rcgen::{DistinguishedName, DnType, DnValue};
@@ -586,7 +586,7 @@ fn write_dt_utc_or_generalized(writer: DERWriter, dt: OffsetDateTime) {
 	}
 }
 
-fn write_distinguished_name(writer: DERWriter, dn: DistinguishedName) {
+fn write_distinguished_name(writer: DERWriter, dn: &DistinguishedName) {
 	writer.write_sequence(|writer| {
 		for (ty, content) in dn.iter() {
 			writer.next().write_set(|writer| {
diff --git a/rcgen/tests/openssl.rs b/rcgen/tests/openssl.rs
@@ -7,13 +7,17 @@ use openssl::ssl::{HandshakeError, SslAcceptor, SslConnector, SslMethod};
 use openssl::stack::Stack;
 use openssl::x509::store::{X509Store, X509StoreBuilder};
 use openssl::x509::{CrlStatus, X509Crl, X509Req, X509StoreContext, X509};
+use std::cell::RefCell;
+use std::io::{Error, ErrorKind, Read, Result as ioResult, Write};
+use std::rc::Rc;
+
+#[cfg(feature = "x509-parser")]
+use {rcgen::Ia5String, std::str::FromStr};
+
 use rcgen::{
 	BasicConstraints, Certificate, CertificateParams, DnType, DnValue, GeneralSubtree, IsCa,
 	KeyPair, NameConstraints,
 };
-use std::cell::RefCell;
-use std::io::{Error, ErrorKind, Read, Result as ioResult, Write};
-use std::rc::Rc;
 
 mod util;
 
@@ -542,9 +546,6 @@ fn test_openssl_pkcs1_and_sec1_keys() {
 #[test]
 #[cfg(feature = "x509-parser")]
 fn test_parse_certificate_with_multiple_domain_components() {
-	use rcgen::Ia5String;
-	use std::str::FromStr;
-
 	/// Command used to generate:
 	/// `openssl req -x509 -newkey rsa:4096 -nodes -out mycert.pem -keyout mykey.pem -days 365 -subj "/C=US/ST=California/L=San Francisco/O=Example Company/OU=IT Department/CN=www.example.com/DC=example/DC=com"`
 	/// Contains two distinct "DC" entries.

Original file line number	Diff line number	Diff line change
`@@ -338,10 +338,10 @@ impl DistinguishedName {`
`338`	`338`	`self.entries.push((ty, s.into()));`
`339`	`339`	`}`
`340`	`340`
`341`		`- /// Replaces the fist occurrence of a type with a new value.`
	`341`	`+ /// Replaces the first occurrence of a type with a new value.`
`342`	`342`	`/// This is a convenience function to avoid duplicating values.`
`343`	`343`	`///`
`344`		`- /// If there are multiple occurrences of a type there is currently no way of changing the besides iterating over the types and values of an existing instance and creating a new instance.`
	`344`	`+ /// If there are multiple occurrences of a type there is currently no way of changing them besides iterating over the types and values of an existing instance and creating a new instance.`
`345`	`345`	`///`
`346`	`346`	/// ```
`347`	`347`	`/// # use rcgen::{DistinguishedName, DnType, DnValue};`
`@@ -586,7 +586,7 @@ fn write_dt_utc_or_generalized(writer: DERWriter, dt: OffsetDateTime) {`
`586`	`586`	`}`
`587`	`587`	`}`
`588`	`588`
`589`		`-fn write_distinguished_name(writer: DERWriter, dn: DistinguishedName) {`
	`589`	`+fn write_distinguished_name(writer: DERWriter, dn: &DistinguishedName) {`
`590`	`590`	`writer.write_sequence(\|writer\| {`
`591`	`591`	`for (ty, content) in dn.iter() {`
`592`	`592`	`writer.next().write_set(\|writer\| {`