crypto/x509: improve CertificateRequest docs

Change-Id: If3bab2dd5278ebc621235164e9d6ff710ba326ee
Reviewed-on: https://go-review.googlesource.com/c/160898
Reviewed-by: Adam Langley <agl@golang.org>
Filippo Valsorda 2019-02-05 16:08:35 -05:00
parent 10faf00107
commit ccd9d9d4ce
1 changed files with 23 additions and 19 deletions


@ -2272,21 +2272,25 @@ type CertificateRequest struct {
Subject pkix.Name Subject pkix.Name
// Attributes is the dried husk of a bug and shouldn't be used. // Attributes contains the CSR attributes that can parse as
// pkix.AttributeTypeAndValueSET.
//
// Deprecated: use Extensions and ExtraExtensions instead for parsing and
// generating the requestedExtensions attribute.
Attributes []pkix.AttributeTypeAndValueSET Attributes []pkix.AttributeTypeAndValueSET
// Extensions contains raw X.509 extensions. When parsing CSRs, this // Extensions contains all requested extensions, in raw form. When parsing
// can be used to extract extensions that are not parsed by this // CSRs, this can be used to extract extensions that are not parsed by this
// package. // package.
Extensions []pkix.Extension Extensions []pkix.Extension
// ExtraExtensions contains extensions to be copied, raw, into any // ExtraExtensions contains extensions to be copied, raw, into any CSR
// marshaled CSR. Values override any extensions that would otherwise // marshaled by CreateCertificateRequest. Values override any extensions
// be produced based on the other fields but are overridden by any // that would otherwise be produced based on the other fields but are
// extensions specified in Attributes. // overridden by any extensions specified in Attributes.
// //
// The ExtraExtensions field is not populated when parsing CSRs, see // The ExtraExtensions field is not populated by ParseCertificateRequest,
// Extensions. // see Extensions instead.
ExtraExtensions []pkix.Extension ExtraExtensions []pkix.Extension
// Subject Alternate Name values. // Subject Alternate Name values.
@ -2385,21 +2389,21 @@ func parseCSRExtensions(rawAttributes []asn1.RawValue) ([]pkix.Extension, error)
// CreateCertificateRequest creates a new certificate request based on a // CreateCertificateRequest creates a new certificate request based on a
// template. The following members of template are used: // template. The following members of template are used:
// //
// - Attributes
// - DNSNames
// - EmailAddresses
// - ExtraExtensions
// - IPAddresses
// - URIs
// - SignatureAlgorithm // - SignatureAlgorithm
// - Subject // - Subject
// - DNSNames
// - EmailAddresses
// - IPAddresses
// - URIs
// - ExtraExtensions
// - Attributes (deprecated)
// //
// The private key is the private key of the signer. // priv is the private key to sign the CSR with, and the corresponding public
// key will be included in the CSR. It must implement crypto.Signer and its
// Public() method must return a *rsa.PublicKey or a *ecdsa.PublicKey. (A
// *rsa.PrivateKey or *ecdsa.PrivateKey satisfies this.)
// //
// The returned slice is the certificate request in DER encoding. // The returned slice is the certificate request in DER encoding.
//
// All keys types that are implemented via crypto.Signer are supported (This
// includes *rsa.PublicKey and *ecdsa.PublicKey.)
func CreateCertificateRequest(rand io.Reader, template *CertificateRequest, priv interface{}) (csr []byte, err error) { func CreateCertificateRequest(rand io.Reader, template *CertificateRequest, priv interface{}) (csr []byte, err error) {
key, ok := priv.(crypto.Signer) key, ok := priv.(crypto.Signer)
if !ok { if !ok {
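Review bot: The rewritten comment on Extensions (first hunk, CertificateRequest struct) describes "all requested extensions" without saying that these are requester-controlled values a caller should not trust as-is. A CA-side reader who parses a CSR could reasonably copy them into an issued certificate, so I would add a sentence such as `// These values are supplied by the requester; validate them and call CheckSignature before using them to issue a certificate.` Whether parsing already verifies the CSR signature is not visible in these hunks, so the wording should be confirmed against ParseCertificateRequest. The struct definition starts and ends outside the hunk.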