@@ -2,7 +2,10 @@ use core::time::Duration;
22use std:: convert:: TryFrom ;
33
44use pki_types:: { CertificateDer , ServerName , SignatureVerificationAlgorithm , UnixTime } ;
5- use rcgen:: { BasicConstraints , CertificateParams , DnType , IsCa , Issuer , KeyPair , KeyUsagePurpose } ;
5+ use rcgen:: {
6+ BasicConstraints , CertificateParams , CertifiedIssuer , DnType , IsCa , Issuer , KeyPair ,
7+ KeyUsagePurpose ,
8+ } ;
69use webpki:: { anchor_from_trusted_cert, EndEntityCert , Error , KeyUsage } ;
710use x509_parser:: extensions:: { GeneralName , NameConstraints as X509ParserNameConstraints } ;
811use x509_parser:: prelude:: FromDer ;
@@ -76,9 +79,7 @@ impl ConstraintTest {
7679 params. name_constraints = Some ( name_constraints. clone ( ) ) ;
7780
7881 let key = KeyPair :: generate ( ) . unwrap ( ) ;
79- let cert = params. self_signed ( & key) . unwrap ( ) ;
80- let issuer = Issuer :: new ( params, key) ;
81- ( issuer, cert)
82+ CertifiedIssuer :: self_signed ( params, key) . unwrap ( )
8283 } ;
8384
8485 let certs_for_subtrees = |suffix| {
@@ -88,7 +89,7 @@ impl ConstraintTest {
8889 . filter_map ( |subtree| match subtree {
8990 rcgen:: GeneralSubtree :: DnsName ( dns_name) => Some ( rcgen_ee_for_name (
9091 format ! ( "valid{dns_name}{suffix}" ) ,
91- & trust_anchor. 0 ,
92+ & trust_anchor,
9293 ) ) ,
9394 _ => None ,
9495 } )
@@ -102,7 +103,7 @@ impl ConstraintTest {
102103 // For each permitted subtree in the name constraints, issue an end entity certificate
103104 // that contains a DNS name that will **not** match the permitted subtree base.
104105 forbidden_certs : certs_for_subtrees ( ".invalid" ) ,
105- trust_anchor : trust_anchor. 1 . into ( ) ,
106+ trust_anchor : trust_anchor. der ( ) . to_owned ( ) ,
106107 }
107108 }
108109}
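Review bot: In the last hunk, `trust_anchor.der().to_owned()` reads like a borrowed-to-owned conversion. If `der()` returns a reference to an already owned `CertificateDer` (its signature is not visible here), this is a plain clone, and `trust_anchor: trust_anchor.der().clone(),` would say so directly. The closure in the second hunk now returns a single value instead of the `(issuer, cert)` tuple, so a short comment such as `// Self-signed CA carrying the name constraints; holds both the issuer and its certificate.` would help readers of the later `&trust_anchor` and `.der()` uses. The enclosing function begins outside these hunks, so the field type and the signature of `rcgen_ee_for_name` could not be checked.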