Skip to content

Revise errors for CertificateSigningRequestParams::from_der #388

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 2 commits into
base: main
Choose a base branch
from
Open

Revise errors for CertificateSigningRequestParams::from_der #388

wants to merge 2 commits into from
+11 −2

Conversation

dwhjames
Copy link
Contributor

@dwhjames dwhjames commented Oct 9, 2025

  • Introduce specific error for CSR signature verification
  • Make error name more specific for unsupported CSR extensions

Following up from

@dwhjames dwhjames force-pushed the csr_verification_and_valiation_errors branch from 334716a to 0c9946e Compare October 10, 2025 07:09
dwhjames
dwhjames commented Oct 10, 2025
View reviewed changes
rcgen/src/error.rs Outdated
#[cfg(feature = "x509-parser")]
/// Unsupported extension requested in CSR
UnsupportedExtension,
UnsupportedExtensionInCsr,
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I realize this is a breaking change (hence the semver warning).

Happy to roll this part back, or move to a separate PR.

Copy link
Member

@djc djc Oct 10, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggest you leave the old names in place, marked with #[deprecated] with appropriate since and note, and add the new variants next to them (in the same commit).

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Rolled this back in 5fd069c and will split off.

@djc
Copy link
Member

djc commented Oct 10, 2025

It would be nice to better understand the motivation/use case here.

@dwhjames
Copy link
Contributor Author

It would be nice to better understand the motivation/use case here.

@djc, I’m assuming the original introduction of Error::RingUnspecified is for

rcgen/rcgen/src/key_pair.rs

Lines 651 to 656 in 453bcb5

#[cfg(feature = "crypto")]
impl<T> ExternalError<T> for Result<T, ring_error::Unspecified> {
fn _err(self) -> Result<T, Error> {
self.map_err(|_| Error::RingUnspecified)
}
}

where a catch-all error case of the underlying crypto library is lifted into the rcgen error enumeration.

And later it was re-used in this case

It would be clearer in code that uses this library to have error variant names that map in a self-evident way to the expected error conditions expected in parsing and verifying a CSR.

Some, but not all, existing error variants include contextual hints in the name (…InCsr or …CertificationRequest are existing examples).

@dwhjames
Revise errors for CertificateSigningRequestParams::from_der
5fd069c 
- Introduce specific error for CSR signature verification
- Make error name more specific for unsupported CSR extensions
@dwhjames dwhjames force-pushed the csr_verification_and_valiation_errors branch from 0c9946e to 5fd069c Compare October 10, 2025 20:08
@djc
Copy link
Member

djc commented Oct 10, 2025

It would be nice to better understand the motivation/use case here.

You still haven't really answered this question. What problem did you run into that you are trying to solve?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@djc djc djc left review comments

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@dwhjames @djc