Export methods to allow generating custom certificates #99
Conversation
|
As discussed before, the missing issuer is a separate issue that will be solved by #100. Do I understand correctly that once that PR is merged, you'll only need to expose a single method? |
|
yea, we only really need the |
peterargue
force-pushed
the
export-keytocert-and-generateext
branch
from
059fdbc
to
1764007
Compare
|
If you'd prefer not to export the methods, I could refactor this to accept options that optionally set a template. that would avoid exporting any methods and keep the api backwards compatible. func NewIdentity(privKey ic.PrivKey, opts ...IdentityOption) (*Identity, error) {
config := IdentityConfig{}
for _, opt := range opts {
opt(&config)
}
var err error
if config.CertTemplate == nil {
config.CertTemplate, err = defaultCertTemplate()
if err != nil {
return nil, err
}
}
cert, err := keyToCertificate(privKey, config.CertTemplate)
if err != nil {
return nil, err
} |
peterargue
force-pushed
the
export-keytocert-and-generateext
branch
from
1764007
to
449626c
Compare
|
@marten-seemann does this look ok? |
|
@peterargue We just moved go-libp2p-tls into go-libp2p (libp2p/go-libp2p#1466). Could you re-target this PR to go-libp2p please? Sorry for the inconvenience! |
|
for sure. no problem |
|
Closing this as it's handled already in libp2p/go-libp2p#1481 |
Closes: libp2p/go-libp2p#1538
This PR refactors
keyToCertificateinto 3 methodsDefaultCertTemplate(exported), which returns the default certificate template used to generate the self-signed certificate,generateSignedExtension, which generates the signed extensionkeyToCertificate, which accepts anx509.Certificatetemplate, adds the signed extension and returns thetls.Certificateobject.This PR also adds a new optional parameter to
NewIdentity, which can provide a custom certificate template.The changes are intended to be backwards compatible and add the ability for a caller to specify the x509 certificate fields they wish to include in the generated certificate.