Merge pull request #1916 from zh-jq/x509_pathlen

add X509::pathlen
sfackler · May 8, 2023 · 5d2c405 · 5d2c405
2 parents b64d4f4 + dd2ce58
commit 5d2c405
Show file tree

Hide file tree

Showing 3 changed files with 26 additions and 0 deletions.
diff --git a/openssl-sys/src/handwritten/x509v3.rs b/openssl-sys/src/handwritten/x509v3.rs
@@ -96,6 +96,8 @@ extern "C" {
         indent: c_int,
     ) -> c_int;
 
+    #[cfg(ossl110)]
+    pub fn X509_get_pathlen(x: *mut X509) -> c_long;
     #[cfg(ossl110)]
     pub fn X509_get_extension_flags(x: *mut X509) -> u32;
     #[cfg(ossl110)]

diff --git a/openssl/src/x509/mod.rs b/openssl/src/x509/mod.rs
@@ -483,6 +483,14 @@ impl X509Ref {
         }
     }
 
+    /// Retrieves the path length extension from a certificate, if it exists.
+    #[corresponds(X509_get_pathlen)]
+    #[cfg(ossl110)]
+    pub fn pathlen(&self) -> Option<u32> {
+        let v = unsafe { ffi::X509_get_pathlen(self.as_ptr()) };
+        u32::try_from(v).ok()
+    }
+
     /// Returns this certificate's subject key id, if it exists.
     #[corresponds(X509_get0_subject_key_id)]
     #[cfg(ossl110)]

diff --git a/openssl/src/x509/tests.rs b/openssl/src/x509/tests.rs
@@ -168,6 +168,22 @@ fn test_subject_alt_name() {
     assert_eq!(Some("http://www.example.com"), subject_alt_names[4].uri());
 }
 
+#[test]
+#[cfg(ossl110)]
+fn test_retrieve_pathlen() {
+    let cert = include_bytes!("../../test/root-ca.pem");
+    let cert = X509::from_pem(cert).unwrap();
+    assert_eq!(cert.pathlen(), None);
+
+    let cert = include_bytes!("../../test/intermediate-ca.pem");
+    let cert = X509::from_pem(cert).unwrap();
+    assert_eq!(cert.pathlen(), Some(0));
+
+    let cert = include_bytes!("../../test/alt_name_cert.pem");
+    let cert = X509::from_pem(cert).unwrap();
+    assert_eq!(cert.pathlen(), None);
+}
+
 #[test]
 #[cfg(ossl110)]
 fn test_subject_key_id() {