add other name support

the issue with other name SANs is that they can contain arbitary data.
As we can no longer use the old method for other_name for security
reasons the easiest way now is to do individual implementations per
datatype.

We start with strings for now, but it should be quite easy to expand
upon that.

openssl-sys/src/handwritten/asn1.rs

@@ -94,6 +94,8 @@ extern "C" {
     #[cfg(ossl110)]
     pub fn ASN1_ENUMERATED_get_int64(pr: *mut i64, a: *const ASN1_ENUMERATED) -> c_int;
 
+    pub fn ASN1_TYPE_new() -> *mut ASN1_TYPE;
+    pub fn ASN1_TYPE_set(a: *mut ASN1_TYPE, type_: c_int, value: *mut c_void);
     pub fn ASN1_TYPE_free(x: *mut ASN1_TYPE);
 }
 

openssl-sys/src/handwritten/x509v3.rs

@@ -6,6 +6,11 @@ pub enum CONF_METHOD {}
 extern "C" {
     pub fn GENERAL_NAME_new() -> *mut GENERAL_NAME;
     pub fn GENERAL_NAME_free(name: *mut GENERAL_NAME);
+    pub fn GENERAL_NAME_set0_othername(
+        gen: *mut GENERAL_NAME,
+        oid: *mut ASN1_OBJECT,
+        value: *mut ASN1_TYPE,
+    ) -> c_int;
 }
 
 #[repr(C)]

openssl/src/x509/extension.rs

@@ -434,6 +434,7 @@ enum RustGeneralName {
     Uri(String),
     Ip(String),
     Rid(String),
+    OtherName(String, String),
 }
 
 /// An extension that allows additional identities to be bound to the subject
@@ -506,14 +507,23 @@ impl SubjectAlternativeName {
 
     /// Sets the `otherName` flag.
     ///
-    /// Not currently actually supported, always panics.
-    #[deprecated = "other_name is deprecated and always panics. Please file a bug if you have a use case for this."]
+    /// Not currently actually supported, always panics. Please use other_name2
+    #[deprecated = "other_name is deprecated and always panics. Please use other_name2."]
     pub fn other_name(&mut self, _other_name: &str) -> &mut SubjectAlternativeName {
         unimplemented!(
             "This has not yet been adapted for the new internals. File a bug if you need this."
         );
     }
 
+    /// Sets the `otherName` flag to a ia5string value.
+    pub fn other_name_string(&mut self, oid: &str, content: &str) -> &mut SubjectAlternativeName {
+        self.items.push(RustGeneralName::OtherName(
+            oid.to_string(),
+            content.to_string(),
+        ));
+        self
+    }
+
     /// Return a `SubjectAlternativeName` extension as an `X509Extension`.
     pub fn build(&self, _ctx: &X509v3Context<'_>) -> Result<X509Extension, ErrorStack> {
         let mut stack = Stack::new()?;
@@ -526,6 +536,10 @@ impl SubjectAlternativeName {
                     GeneralName::new_ip(s.parse().map_err(|_| ErrorStack::get())?)?
                 }
                 RustGeneralName::Rid(s) => GeneralName::new_rid(Asn1Object::from_str(s)?)?,
+                RustGeneralName::OtherName(oid, content) => GeneralName::new_other_name_ia5string(
+                    Asn1Object::from_str(oid)?,
+                    content.as_bytes(),
+                )?,
             };
             stack.push(gn)?;
         }

openssl/src/x509/mod.rs

@@ -2046,6 +2046,29 @@ impl GeneralName {
             Ok(GeneralName::from_ptr(gn))
         }
     }
+
+    pub(crate) fn new_other_name_ia5string(
+        oid: Asn1Object,
+        value: &[u8],
+    ) -> Result<GeneralName, ErrorStack> {
+        unsafe {
+            ffi::init();
+            let gn = cvt_p(ffi::GENERAL_NAME_new())?;
+            (*gn).type_ = ffi::GEN_OTHERNAME;
+
+            let s = cvt_p(ffi::ASN1_STRING_type_new(Asn1Type::IA5STRING.as_raw()))?;
+            ffi::ASN1_STRING_set(s, value.as_ptr().cast(), value.len().try_into().unwrap());
+
+            let typ = cvt_p(ffi::ASN1_TYPE_new())?;
+            ffi::ASN1_TYPE_set(typ, ffi::V_ASN1_IA5STRING, s.cast());
+
+            ffi::GENERAL_NAME_set0_othername(gn, oid.as_ptr().cast(), typ);
+
+            mem::forget(oid);
+
+            Ok(GeneralName::from_ptr(gn))
+        }
+    }
 }
 
 impl GeneralNameRef {