Fix othername generation

depends on sfackler/rust-openssl#1915 and sfackler/rust-openssl#1928
huettner94 · May 17, 2023 · b6e8dcd · b6e8dcd
1 parent f993991
commit b6e8dcd
Show file tree

Hide file tree

Showing 5 changed files with 50 additions and 29 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -6,4 +6,10 @@ members = [
     "client",
     "dtrd",
     "tcpcl"
-]
+]
+
+[patch.crates-io]
+openssl = { path = "../rust-openssl/openssl" }
+openssl-sys = { path = "../rust-openssl/openssl-sys" }
+openssl-errors = { path = "../rust-openssl/openssl-errors" }
+openssl-macros = { path = "../rust-openssl/openssl-macros" }
diff --git a/dtrd/Cargo.toml b/dtrd/Cargo.toml
@@ -16,7 +16,7 @@ tokio-stream = "0.1.14"
 tokio-util = "0.7.8"
 futures-util = "0.3.28"
 env_logger = "0.10.0"
-openssl = "0.10.52"
+openssl = "0.10.53"
 uuid = {version = "1.3.2", features = ["v4"]}
 console-subscriber = "0.1.8"
 actix = "0.13.0"
@@ -25,3 +25,10 @@ async-stream = "0.3.5"
 
 [build-dependencies]
 tonic-build = "0.9.2"
+
+
+[patch.crates-io]
+openssl = { path = "../rust-openssl/openssl" }
+openssl-sys = { path = "../rust-openssl/openssl-sys" }
+openssl-errors = { path = "../rust-openssl/openssl-errors" }
+openssl-macros = { path = "../rust-openssl/openssl-macros" }
diff --git a/tcpcl/Cargo.toml b/tcpcl/Cargo.toml
@@ -9,10 +9,16 @@ edition = "2021"
 bitflags = "2.2.1"
 tokio = { version = "1.28.0", features = ["fs", "io-util", "net", "macros", "sync", "rt", "time"] }
 tokio-openssl = "0.6.3"
-openssl = "0.10.52"
+openssl = "0.10.53"
 log = "0.4"
 num_enum = "0.6.1"
 x509-parser = "0.15.0"
 tokio-util = {version = "0.7.8", features = ["codec"]}
 bytes = "1.4.0"
-futures-util = {version = "0.3.28", features = ["sink"]}
+futures-util = {version = "0.3.28", features = ["sink"]}
+
+[patch.crates-io]
+openssl = { path = "../rust-openssl/openssl" }
+openssl-sys = { path = "../rust-openssl/openssl-sys" }
+openssl-errors = { path = "../rust-openssl/openssl-errors" }
+openssl-macros = { path = "../rust-openssl/openssl-macros" }
diff --git a/tcpcl/tests/common/tls.rs b/tcpcl/tests/common/tls.rs
@@ -1,11 +1,12 @@
 use openssl::{
-    asn1::Asn1Time,
+    asn1::{Asn1Object, Asn1String, Asn1Time},
     hash::MessageDigest,
     nid::Nid,
     pkey::{PKey, Private},
     rsa::Rsa,
-    x509::{X509Extension, X509Name, X509},
+    x509::{extension::SubjectAlternativeName, X509Name, X509},
 };
+use std::str::FromStr;
 
 fn get_cert_with_san(sanname: &str) -> (PKey<Private>, X509) {
     let cert_rsa = Rsa::generate(2048).unwrap();
@@ -21,14 +22,16 @@ fn get_cert_with_san(sanname: &str) -> (PKey<Private>, X509) {
     builder.set_subject_name(&name).unwrap();
     builder.set_issuer_name(&name).unwrap();
 
-    #[allow(deprecated)] // Depending on https://github.com/sfackler/rust-openssl/issues/1911 to fix
-    let subject_alternative_name = X509Extension::new_nid(
-        None,
-        Some(&builder.x509v3_context(None, None)),
-        Nid::SUBJECT_ALT_NAME,
-        &format!("otherName:1.3.6.1.5.5.7.8.11;IA5STRING:{}", sanname),
-    )
-    .unwrap();
+    let s = Asn1String::from_str(sanname).unwrap();
+    let subject_alternative_name = SubjectAlternativeName::new()
+        .other_name2(
+            Asn1Object::from_str("1.3.6.1.5.5.7.8.11").unwrap(),
+            &s.as_asn1type_der().unwrap(),
+        )
+        .unwrap()
+        .build(&builder.x509v3_context(None, None))
+        .unwrap();
+
     builder.append_extension(subject_alternative_name).unwrap();
 
     builder