pingora_openssl::x509

Module store

Source
Expand description

Describe a context in which to verify an X509 certificate.

The X509 certificate store holds trusted CA certificates used to verify peer certificates.

§Example

use openssl::x509::store::{X509StoreBuilder, X509Store};
use openssl::x509::{X509, X509Name};
use openssl::asn1::Asn1Time;
use openssl::pkey::PKey;
use openssl::hash::MessageDigest;
use openssl::rsa::Rsa;
use openssl::nid::Nid;

let rsa = Rsa::generate(2048).unwrap();
let pkey = PKey::from_rsa(rsa).unwrap();

let mut name = X509Name::builder().unwrap();
name.append_entry_by_nid(Nid::COMMONNAME, "foobar.com").unwrap();
let name = name.build();

// Sep 27th, 2016
let sample_time = Asn1Time::from_unix(1474934400).unwrap();

let mut builder = X509::builder().unwrap();
builder.set_version(2).unwrap();
builder.set_subject_name(&name).unwrap();
builder.set_issuer_name(&name).unwrap();
builder.set_pubkey(&pkey).unwrap();
builder.set_not_before(&sample_time);
builder.set_not_after(&sample_time);
builder.sign(&pkey, MessageDigest::sha256()).unwrap();

let certificate: X509 = builder.build();

let mut builder = X509StoreBuilder::new().unwrap();
let _ = builder.add_cert(certificate);

let store: X509Store = builder.build();

Structs§