Google Git
Sign in
apache / incubator-teaclave-website / refs/heads/asf-site / . / api-docs / crates-app / src / openssl / x509 / mod.rs.html
blob: 8b5869719d32f783181d74850bfb83ba18c90f47 [file] [log] [blame]
<!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta name="viewport" content="width=device-width, initial-scale=1.0"><meta name="generator" content="rustdoc"><meta name="description" content="Source of the Rust file `/root/.cargo/registry/src/github.com-1ecc6299db9ec823/openssl-0.10.54/src/x509/mod.rs`."><meta name="keywords" content="rust, rustlang, rust-lang"><title>mod.rs - source</title><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../SourceSerif4-Regular.ttf.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../FiraSans-Regular.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../FiraSans-Medium.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../SourceCodePro-Regular.ttf.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../SourceSerif4-Bold.ttf.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../SourceCodePro-Semibold.ttf.woff2"><link rel="stylesheet" href="../../../normalize.css"><link rel="stylesheet" href="../../../rustdoc.css" id="mainThemeStyle"><link rel="stylesheet" href="../../../ayu.css" disabled><link rel="stylesheet" href="../../../dark.css" disabled><link rel="stylesheet" href="../../../light.css" id="themeStyle"><script id="default-settings" ></script><script src="../../../storage.js"></script><script defer src="../../../source-script.js"></script><script defer src="../../../source-files.js"></script><script defer src="../../../main.js"></script><noscript><link rel="stylesheet" href="../../../noscript.css"></noscript><link rel="alternate icon" type="image/png" href="../../../favicon-16x16.png"><link rel="alternate icon" type="image/png" href="../../../favicon-32x32.png"><link rel="icon" type="image/svg+xml" href="../../../favicon.svg"></head><body class="rustdoc source"><!--[if lte IE 11]><div class="warning">This old browser is unsupported and will most likely display funky things.</div><![endif]--><nav class="sidebar"><a class="sidebar-logo" href="../../../openssl/index.html"><div class="logo-container"><img class="rust-logo" src="../../../rust-logo.svg" alt="logo"></div></a></nav><main><div class="width-limiter"><nav class="sub"><a class="sub-logo-container" href="../../../openssl/index.html"><img class="rust-logo" src="../../../rust-logo.svg" alt="logo"></a><form class="search-form"><div class="search-container"><span></span><input class="search-input" name="search" autocomplete="off" spellcheck="false" placeholder="Click or press ‘S’ to search, ‘?’ for more options…" type="search"><div id="help-button" title="help" tabindex="-1"><a href="../../../help.html">?</a></div><div id="settings-menu" tabindex="-1"><a href="../../../settings.html" title="settings"><img width="22" height="22" alt="Change settings" src="../../../wheel.svg"></a></div></div></form></nav><section id="main-content" class="content"><div class="example-wrap"><pre class="src-line-numbers"><span id="1">1</span>
<span id="2">2</span>
<span id="3">3</span>
<span id="4">4</span>
<span id="5">5</span>
<span id="6">6</span>
<span id="7">7</span>
<span id="8">8</span>
<span id="9">9</span>
<span id="10">10</span>
<span id="11">11</span>
<span id="12">12</span>
<span id="13">13</span>
<span id="14">14</span>
<span id="15">15</span>
<span id="16">16</span>
<span id="17">17</span>
<span id="18">18</span>
<span id="19">19</span>
<span id="20">20</span>
<span id="21">21</span>
<span id="22">22</span>
<span id="23">23</span>
<span id="24">24</span>
<span id="25">25</span>
<span id="26">26</span>
<span id="27">27</span>
<span id="28">28</span>
<span id="29">29</span>
<span id="30">30</span>
<span id="31">31</span>
<span id="32">32</span>
<span id="33">33</span>
<span id="34">34</span>
<span id="35">35</span>
<span id="36">36</span>
<span id="37">37</span>
<span id="38">38</span>
<span id="39">39</span>
<span id="40">40</span>
<span id="41">41</span>
<span id="42">42</span>
<span id="43">43</span>
<span id="44">44</span>
<span id="45">45</span>
<span id="46">46</span>
<span id="47">47</span>
<span id="48">48</span>
<span id="49">49</span>
<span id="50">50</span>
<span id="51">51</span>
<span id="52">52</span>
<span id="53">53</span>
<span id="54">54</span>
<span id="55">55</span>
<span id="56">56</span>
<span id="57">57</span>
<span id="58">58</span>
<span id="59">59</span>
<span id="60">60</span>
<span id="61">61</span>
<span id="62">62</span>
<span id="63">63</span>
<span id="64">64</span>
<span id="65">65</span>
<span id="66">66</span>
<span id="67">67</span>
<span id="68">68</span>
<span id="69">69</span>
<span id="70">70</span>
<span id="71">71</span>
<span id="72">72</span>
<span id="73">73</span>
<span id="74">74</span>
<span id="75">75</span>
<span id="76">76</span>
<span id="77">77</span>
<span id="78">78</span>
<span id="79">79</span>
<span id="80">80</span>
<span id="81">81</span>
<span id="82">82</span>
<span id="83">83</span>
<span id="84">84</span>
<span id="85">85</span>
<span id="86">86</span>
<span id="87">87</span>
<span id="88">88</span>
<span id="89">89</span>
<span id="90">90</span>
<span id="91">91</span>
<span id="92">92</span>
<span id="93">93</span>
<span id="94">94</span>
<span id="95">95</span>
<span id="96">96</span>
<span id="97">97</span>
<span id="98">98</span>
<span id="99">99</span>
<span id="100">100</span>
<span id="101">101</span>
<span id="102">102</span>
<span id="103">103</span>
<span id="104">104</span>
<span id="105">105</span>
<span id="106">106</span>
<span id="107">107</span>
<span id="108">108</span>
<span id="109">109</span>
<span id="110">110</span>
<span id="111">111</span>
<span id="112">112</span>
<span id="113">113</span>
<span id="114">114</span>
<span id="115">115</span>
<span id="116">116</span>
<span id="117">117</span>
<span id="118">118</span>
<span id="119">119</span>
<span id="120">120</span>
<span id="121">121</span>
<span id="122">122</span>
<span id="123">123</span>
<span id="124">124</span>
<span id="125">125</span>
<span id="126">126</span>
<span id="127">127</span>
<span id="128">128</span>
<span id="129">129</span>
<span id="130">130</span>
<span id="131">131</span>
<span id="132">132</span>
<span id="133">133</span>
<span id="134">134</span>
<span id="135">135</span>
<span id="136">136</span>
<span id="137">137</span>
<span id="138">138</span>
<span id="139">139</span>
<span id="140">140</span>
<span id="141">141</span>
<span id="142">142</span>
<span id="143">143</span>
<span id="144">144</span>
<span id="145">145</span>
<span id="146">146</span>
<span id="147">147</span>
<span id="148">148</span>
<span id="149">149</span>
<span id="150">150</span>
<span id="151">151</span>
<span id="152">152</span>
<span id="153">153</span>
<span id="154">154</span>
<span id="155">155</span>
<span id="156">156</span>
<span id="157">157</span>
<span id="158">158</span>
<span id="159">159</span>
<span id="160">160</span>
<span id="161">161</span>
<span id="162">162</span>
<span id="163">163</span>
<span id="164">164</span>
<span id="165">165</span>
<span id="166">166</span>
<span id="167">167</span>
<span id="168">168</span>
<span id="169">169</span>
<span id="170">170</span>
<span id="171">171</span>
<span id="172">172</span>
<span id="173">173</span>
<span id="174">174</span>
<span id="175">175</span>
<span id="176">176</span>
<span id="177">177</span>
<span id="178">178</span>
<span id="179">179</span>
<span id="180">180</span>
<span id="181">181</span>
<span id="182">182</span>
<span id="183">183</span>
<span id="184">184</span>
<span id="185">185</span>
<span id="186">186</span>
<span id="187">187</span>
<span id="188">188</span>
<span id="189">189</span>
<span id="190">190</span>
<span id="191">191</span>
<span id="192">192</span>
<span id="193">193</span>
<span id="194">194</span>
<span id="195">195</span>
<span id="196">196</span>
<span id="197">197</span>
<span id="198">198</span>
<span id="199">199</span>
<span id="200">200</span>
<span id="201">201</span>
<span id="202">202</span>
<span id="203">203</span>
<span id="204">204</span>
<span id="205">205</span>
<span id="206">206</span>
<span id="207">207</span>
<span id="208">208</span>
<span id="209">209</span>
<span id="210">210</span>
<span id="211">211</span>
<span id="212">212</span>
<span id="213">213</span>
<span id="214">214</span>
<span id="215">215</span>
<span id="216">216</span>
<span id="217">217</span>
<span id="218">218</span>
<span id="219">219</span>
<span id="220">220</span>
<span id="221">221</span>
<span id="222">222</span>
<span id="223">223</span>
<span id="224">224</span>
<span id="225">225</span>
<span id="226">226</span>
<span id="227">227</span>
<span id="228">228</span>
<span id="229">229</span>
<span id="230">230</span>
<span id="231">231</span>
<span id="232">232</span>
<span id="233">233</span>
<span id="234">234</span>
<span id="235">235</span>
<span id="236">236</span>
<span id="237">237</span>
<span id="238">238</span>
<span id="239">239</span>
<span id="240">240</span>
<span id="241">241</span>
<span id="242">242</span>
<span id="243">243</span>
<span id="244">244</span>
<span id="245">245</span>
<span id="246">246</span>
<span id="247">247</span>
<span id="248">248</span>
<span id="249">249</span>
<span id="250">250</span>
<span id="251">251</span>
<span id="252">252</span>
<span id="253">253</span>
<span id="254">254</span>
<span id="255">255</span>
<span id="256">256</span>
<span id="257">257</span>
<span id="258">258</span>
<span id="259">259</span>
<span id="260">260</span>
<span id="261">261</span>
<span id="262">262</span>
<span id="263">263</span>
<span id="264">264</span>
<span id="265">265</span>
<span id="266">266</span>
<span id="267">267</span>
<span id="268">268</span>
<span id="269">269</span>
<span id="270">270</span>
<span id="271">271</span>
<span id="272">272</span>
<span id="273">273</span>
<span id="274">274</span>
<span id="275">275</span>
<span id="276">276</span>
<span id="277">277</span>
<span id="278">278</span>
<span id="279">279</span>
<span id="280">280</span>
<span id="281">281</span>
<span id="282">282</span>
<span id="283">283</span>
<span id="284">284</span>
<span id="285">285</span>
<span id="286">286</span>
<span id="287">287</span>
<span id="288">288</span>
<span id="289">289</span>
<span id="290">290</span>
<span id="291">291</span>
<span id="292">292</span>
<span id="293">293</span>
<span id="294">294</span>
<span id="295">295</span>
<span id="296">296</span>
<span id="297">297</span>
<span id="298">298</span>
<span id="299">299</span>
<span id="300">300</span>
<span id="301">301</span>
<span id="302">302</span>
<span id="303">303</span>
<span id="304">304</span>
<span id="305">305</span>
<span id="306">306</span>
<span id="307">307</span>
<span id="308">308</span>
<span id="309">309</span>
<span id="310">310</span>
<span id="311">311</span>
<span id="312">312</span>
<span id="313">313</span>
<span id="314">314</span>
<span id="315">315</span>
<span id="316">316</span>
<span id="317">317</span>
<span id="318">318</span>
<span id="319">319</span>
<span id="320">320</span>
<span id="321">321</span>
<span id="322">322</span>
<span id="323">323</span>
<span id="324">324</span>
<span id="325">325</span>
<span id="326">326</span>
<span id="327">327</span>
<span id="328">328</span>
<span id="329">329</span>
<span id="330">330</span>
<span id="331">331</span>
<span id="332">332</span>
<span id="333">333</span>
<span id="334">334</span>
<span id="335">335</span>
<span id="336">336</span>
<span id="337">337</span>
<span id="338">338</span>
<span id="339">339</span>
<span id="340">340</span>
<span id="341">341</span>
<span id="342">342</span>
<span id="343">343</span>
<span id="344">344</span>
<span id="345">345</span>
<span id="346">346</span>
<span id="347">347</span>
<span id="348">348</span>
<span id="349">349</span>
<span id="350">350</span>
<span id="351">351</span>
<span id="352">352</span>
<span id="353">353</span>
<span id="354">354</span>
<span id="355">355</span>
<span id="356">356</span>
<span id="357">357</span>
<span id="358">358</span>
<span id="359">359</span>
<span id="360">360</span>
<span id="361">361</span>
<span id="362">362</span>
<span id="363">363</span>
<span id="364">364</span>
<span id="365">365</span>
<span id="366">366</span>
<span id="367">367</span>
<span id="368">368</span>
<span id="369">369</span>
<span id="370">370</span>
<span id="371">371</span>
<span id="372">372</span>
<span id="373">373</span>
<span id="374">374</span>
<span id="375">375</span>
<span id="376">376</span>
<span id="377">377</span>
<span id="378">378</span>
<span id="379">379</span>
<span id="380">380</span>
<span id="381">381</span>
<span id="382">382</span>
<span id="383">383</span>
<span id="384">384</span>
<span id="385">385</span>
<span id="386">386</span>
<span id="387">387</span>
<span id="388">388</span>
<span id="389">389</span>
<span id="390">390</span>
<span id="391">391</span>
<span id="392">392</span>
<span id="393">393</span>
<span id="394">394</span>
<span id="395">395</span>
<span id="396">396</span>
<span id="397">397</span>
<span id="398">398</span>
<span id="399">399</span>
<span id="400">400</span>
<span id="401">401</span>
<span id="402">402</span>
<span id="403">403</span>
<span id="404">404</span>
<span id="405">405</span>
<span id="406">406</span>
<span id="407">407</span>
<span id="408">408</span>
<span id="409">409</span>
<span id="410">410</span>
<span id="411">411</span>
<span id="412">412</span>
<span id="413">413</span>
<span id="414">414</span>
<span id="415">415</span>
<span id="416">416</span>
<span id="417">417</span>
<span id="418">418</span>
<span id="419">419</span>
<span id="420">420</span>
<span id="421">421</span>
<span id="422">422</span>
<span id="423">423</span>
<span id="424">424</span>
<span id="425">425</span>
<span id="426">426</span>
<span id="427">427</span>
<span id="428">428</span>
<span id="429">429</span>
<span id="430">430</span>
<span id="431">431</span>
<span id="432">432</span>
<span id="433">433</span>
<span id="434">434</span>
<span id="435">435</span>
<span id="436">436</span>
<span id="437">437</span>
<span id="438">438</span>
<span id="439">439</span>
<span id="440">440</span>
<span id="441">441</span>
<span id="442">442</span>
<span id="443">443</span>
<span id="444">444</span>
<span id="445">445</span>
<span id="446">446</span>
<span id="447">447</span>
<span id="448">448</span>
<span id="449">449</span>
<span id="450">450</span>
<span id="451">451</span>
<span id="452">452</span>
<span id="453">453</span>
<span id="454">454</span>
<span id="455">455</span>
<span id="456">456</span>
<span id="457">457</span>
<span id="458">458</span>
<span id="459">459</span>
<span id="460">460</span>
<span id="461">461</span>
<span id="462">462</span>
<span id="463">463</span>
<span id="464">464</span>
<span id="465">465</span>
<span id="466">466</span>
<span id="467">467</span>
<span id="468">468</span>
<span id="469">469</span>
<span id="470">470</span>
<span id="471">471</span>
<span id="472">472</span>
<span id="473">473</span>
<span id="474">474</span>
<span id="475">475</span>
<span id="476">476</span>
<span id="477">477</span>
<span id="478">478</span>
<span id="479">479</span>
<span id="480">480</span>
<span id="481">481</span>
<span id="482">482</span>
<span id="483">483</span>
<span id="484">484</span>
<span id="485">485</span>
<span id="486">486</span>
<span id="487">487</span>
<span id="488">488</span>
<span id="489">489</span>
<span id="490">490</span>
<span id="491">491</span>
<span id="492">492</span>
<span id="493">493</span>
<span id="494">494</span>
<span id="495">495</span>
<span id="496">496</span>
<span id="497">497</span>
<span id="498">498</span>
<span id="499">499</span>
<span id="500">500</span>
<span id="501">501</span>
<span id="502">502</span>
<span id="503">503</span>
<span id="504">504</span>
<span id="505">505</span>
<span id="506">506</span>
<span id="507">507</span>
<span id="508">508</span>
<span id="509">509</span>
<span id="510">510</span>
<span id="511">511</span>
<span id="512">512</span>
<span id="513">513</span>
<span id="514">514</span>
<span id="515">515</span>
<span id="516">516</span>
<span id="517">517</span>
<span id="518">518</span>
<span id="519">519</span>
<span id="520">520</span>
<span id="521">521</span>
<span id="522">522</span>
<span id="523">523</span>
<span id="524">524</span>
<span id="525">525</span>
<span id="526">526</span>
<span id="527">527</span>
<span id="528">528</span>
<span id="529">529</span>
<span id="530">530</span>
<span id="531">531</span>
<span id="532">532</span>
<span id="533">533</span>
<span id="534">534</span>
<span id="535">535</span>
<span id="536">536</span>
<span id="537">537</span>
<span id="538">538</span>
<span id="539">539</span>
<span id="540">540</span>
<span id="541">541</span>
<span id="542">542</span>
<span id="543">543</span>
<span id="544">544</span>
<span id="545">545</span>
<span id="546">546</span>
<span id="547">547</span>
<span id="548">548</span>
<span id="549">549</span>
<span id="550">550</span>
<span id="551">551</span>
<span id="552">552</span>
<span id="553">553</span>
<span id="554">554</span>
<span id="555">555</span>
<span id="556">556</span>
<span id="557">557</span>
<span id="558">558</span>
<span id="559">559</span>
<span id="560">560</span>
<span id="561">561</span>
<span id="562">562</span>
<span id="563">563</span>
<span id="564">564</span>
<span id="565">565</span>
<span id="566">566</span>
<span id="567">567</span>
<span id="568">568</span>
<span id="569">569</span>
<span id="570">570</span>
<span id="571">571</span>
<span id="572">572</span>
<span id="573">573</span>
<span id="574">574</span>
<span id="575">575</span>
<span id="576">576</span>
<span id="577">577</span>
<span id="578">578</span>
<span id="579">579</span>
<span id="580">580</span>
<span id="581">581</span>
<span id="582">582</span>
<span id="583">583</span>
<span id="584">584</span>
<span id="585">585</span>
<span id="586">586</span>
<span id="587">587</span>
<span id="588">588</span>
<span id="589">589</span>
<span id="590">590</span>
<span id="591">591</span>
<span id="592">592</span>
<span id="593">593</span>
<span id="594">594</span>
<span id="595">595</span>
<span id="596">596</span>
<span id="597">597</span>
<span id="598">598</span>
<span id="599">599</span>
<span id="600">600</span>
<span id="601">601</span>
<span id="602">602</span>
<span id="603">603</span>
<span id="604">604</span>
<span id="605">605</span>
<span id="606">606</span>
<span id="607">607</span>
<span id="608">608</span>
<span id="609">609</span>
<span id="610">610</span>
<span id="611">611</span>
<span id="612">612</span>
<span id="613">613</span>
<span id="614">614</span>
<span id="615">615</span>
<span id="616">616</span>
<span id="617">617</span>
<span id="618">618</span>
<span id="619">619</span>
<span id="620">620</span>
<span id="621">621</span>
<span id="622">622</span>
<span id="623">623</span>
<span id="624">624</span>
<span id="625">625</span>
<span id="626">626</span>
<span id="627">627</span>
<span id="628">628</span>
<span id="629">629</span>
<span id="630">630</span>
<span id="631">631</span>
<span id="632">632</span>
<span id="633">633</span>
<span id="634">634</span>
<span id="635">635</span>
<span id="636">636</span>
<span id="637">637</span>
<span id="638">638</span>
<span id="639">639</span>
<span id="640">640</span>
<span id="641">641</span>
<span id="642">642</span>
<span id="643">643</span>
<span id="644">644</span>
<span id="645">645</span>
<span id="646">646</span>
<span id="647">647</span>
<span id="648">648</span>
<span id="649">649</span>
<span id="650">650</span>
<span id="651">651</span>
<span id="652">652</span>
<span id="653">653</span>
<span id="654">654</span>
<span id="655">655</span>
<span id="656">656</span>
<span id="657">657</span>
<span id="658">658</span>
<span id="659">659</span>
<span id="660">660</span>
<span id="661">661</span>
<span id="662">662</span>
<span id="663">663</span>
<span id="664">664</span>
<span id="665">665</span>
<span id="666">666</span>
<span id="667">667</span>
<span id="668">668</span>
<span id="669">669</span>
<span id="670">670</span>
<span id="671">671</span>
<span id="672">672</span>
<span id="673">673</span>
<span id="674">674</span>
<span id="675">675</span>
<span id="676">676</span>
<span id="677">677</span>
<span id="678">678</span>
<span id="679">679</span>
<span id="680">680</span>
<span id="681">681</span>
<span id="682">682</span>
<span id="683">683</span>
<span id="684">684</span>
<span id="685">685</span>
<span id="686">686</span>
<span id="687">687</span>
<span id="688">688</span>
<span id="689">689</span>
<span id="690">690</span>
<span id="691">691</span>
<span id="692">692</span>
<span id="693">693</span>
<span id="694">694</span>
<span id="695">695</span>
<span id="696">696</span>
<span id="697">697</span>
<span id="698">698</span>
<span id="699">699</span>
<span id="700">700</span>
<span id="701">701</span>
<span id="702">702</span>
<span id="703">703</span>
<span id="704">704</span>
<span id="705">705</span>
<span id="706">706</span>
<span id="707">707</span>
<span id="708">708</span>
<span id="709">709</span>
<span id="710">710</span>
<span id="711">711</span>
<span id="712">712</span>
<span id="713">713</span>
<span id="714">714</span>
<span id="715">715</span>
<span id="716">716</span>
<span id="717">717</span>
<span id="718">718</span>
<span id="719">719</span>
<span id="720">720</span>
<span id="721">721</span>
<span id="722">722</span>
<span id="723">723</span>
<span id="724">724</span>
<span id="725">725</span>
<span id="726">726</span>
<span id="727">727</span>
<span id="728">728</span>
<span id="729">729</span>
<span id="730">730</span>
<span id="731">731</span>
<span id="732">732</span>
<span id="733">733</span>
<span id="734">734</span>
<span id="735">735</span>
<span id="736">736</span>
<span id="737">737</span>
<span id="738">738</span>
<span id="739">739</span>
<span id="740">740</span>
<span id="741">741</span>
<span id="742">742</span>
<span id="743">743</span>
<span id="744">744</span>
<span id="745">745</span>
<span id="746">746</span>
<span id="747">747</span>
<span id="748">748</span>
<span id="749">749</span>
<span id="750">750</span>
<span id="751">751</span>
<span id="752">752</span>
<span id="753">753</span>
<span id="754">754</span>
<span id="755">755</span>
<span id="756">756</span>
<span id="757">757</span>
<span id="758">758</span>
<span id="759">759</span>
<span id="760">760</span>
<span id="761">761</span>
<span id="762">762</span>
<span id="763">763</span>
<span id="764">764</span>
<span id="765">765</span>
<span id="766">766</span>
<span id="767">767</span>
<span id="768">768</span>
<span id="769">769</span>
<span id="770">770</span>
<span id="771">771</span>
<span id="772">772</span>
<span id="773">773</span>
<span id="774">774</span>
<span id="775">775</span>
<span id="776">776</span>
<span id="777">777</span>
<span id="778">778</span>
<span id="779">779</span>
<span id="780">780</span>
<span id="781">781</span>
<span id="782">782</span>
<span id="783">783</span>
<span id="784">784</span>
<span id="785">785</span>
<span id="786">786</span>
<span id="787">787</span>
<span id="788">788</span>
<span id="789">789</span>
<span id="790">790</span>
<span id="791">791</span>
<span id="792">792</span>
<span id="793">793</span>
<span id="794">794</span>
<span id="795">795</span>
<span id="796">796</span>
<span id="797">797</span>
<span id="798">798</span>
<span id="799">799</span>
<span id="800">800</span>
<span id="801">801</span>
<span id="802">802</span>
<span id="803">803</span>
<span id="804">804</span>
<span id="805">805</span>
<span id="806">806</span>
<span id="807">807</span>
<span id="808">808</span>
<span id="809">809</span>
<span id="810">810</span>
<span id="811">811</span>
<span id="812">812</span>
<span id="813">813</span>
<span id="814">814</span>
<span id="815">815</span>
<span id="816">816</span>
<span id="817">817</span>
<span id="818">818</span>
<span id="819">819</span>
<span id="820">820</span>
<span id="821">821</span>
<span id="822">822</span>
<span id="823">823</span>
<span id="824">824</span>
<span id="825">825</span>
<span id="826">826</span>
<span id="827">827</span>
<span id="828">828</span>
<span id="829">829</span>
<span id="830">830</span>
<span id="831">831</span>
<span id="832">832</span>
<span id="833">833</span>
<span id="834">834</span>
<span id="835">835</span>
<span id="836">836</span>
<span id="837">837</span>
<span id="838">838</span>
<span id="839">839</span>
<span id="840">840</span>
<span id="841">841</span>
<span id="842">842</span>
<span id="843">843</span>
<span id="844">844</span>
<span id="845">845</span>
<span id="846">846</span>
<span id="847">847</span>
<span id="848">848</span>
<span id="849">849</span>
<span id="850">850</span>
<span id="851">851</span>
<span id="852">852</span>
<span id="853">853</span>
<span id="854">854</span>
<span id="855">855</span>
<span id="856">856</span>
<span id="857">857</span>
<span id="858">858</span>
<span id="859">859</span>
<span id="860">860</span>
<span id="861">861</span>
<span id="862">862</span>
<span id="863">863</span>
<span id="864">864</span>
<span id="865">865</span>
<span id="866">866</span>
<span id="867">867</span>
<span id="868">868</span>
<span id="869">869</span>
<span id="870">870</span>
<span id="871">871</span>
<span id="872">872</span>
<span id="873">873</span>
<span id="874">874</span>
<span id="875">875</span>
<span id="876">876</span>
<span id="877">877</span>
<span id="878">878</span>
<span id="879">879</span>
<span id="880">880</span>
<span id="881">881</span>
<span id="882">882</span>
<span id="883">883</span>
<span id="884">884</span>
<span id="885">885</span>
<span id="886">886</span>
<span id="887">887</span>
<span id="888">888</span>
<span id="889">889</span>
<span id="890">890</span>
<span id="891">891</span>
<span id="892">892</span>
<span id="893">893</span>
<span id="894">894</span>
<span id="895">895</span>
<span id="896">896</span>
<span id="897">897</span>
<span id="898">898</span>
<span id="899">899</span>
<span id="900">900</span>
<span id="901">901</span>
<span id="902">902</span>
<span id="903">903</span>
<span id="904">904</span>
<span id="905">905</span>
<span id="906">906</span>
<span id="907">907</span>
<span id="908">908</span>
<span id="909">909</span>
<span id="910">910</span>
<span id="911">911</span>
<span id="912">912</span>
<span id="913">913</span>
<span id="914">914</span>
<span id="915">915</span>
<span id="916">916</span>
<span id="917">917</span>
<span id="918">918</span>
<span id="919">919</span>
<span id="920">920</span>
<span id="921">921</span>
<span id="922">922</span>
<span id="923">923</span>
<span id="924">924</span>
<span id="925">925</span>
<span id="926">926</span>
<span id="927">927</span>
<span id="928">928</span>
<span id="929">929</span>
<span id="930">930</span>
<span id="931">931</span>
<span id="932">932</span>
<span id="933">933</span>
<span id="934">934</span>
<span id="935">935</span>
<span id="936">936</span>
<span id="937">937</span>
<span id="938">938</span>
<span id="939">939</span>
<span id="940">940</span>
<span id="941">941</span>
<span id="942">942</span>
<span id="943">943</span>
<span id="944">944</span>
<span id="945">945</span>
<span id="946">946</span>
<span id="947">947</span>
<span id="948">948</span>
<span id="949">949</span>
<span id="950">950</span>
<span id="951">951</span>
<span id="952">952</span>
<span id="953">953</span>
<span id="954">954</span>
<span id="955">955</span>
<span id="956">956</span>
<span id="957">957</span>
<span id="958">958</span>
<span id="959">959</span>
<span id="960">960</span>
<span id="961">961</span>
<span id="962">962</span>
<span id="963">963</span>
<span id="964">964</span>
<span id="965">965</span>
<span id="966">966</span>
<span id="967">967</span>
<span id="968">968</span>
<span id="969">969</span>
<span id="970">970</span>
<span id="971">971</span>
<span id="972">972</span>
<span id="973">973</span>
<span id="974">974</span>
<span id="975">975</span>
<span id="976">976</span>
<span id="977">977</span>
<span id="978">978</span>
<span id="979">979</span>
<span id="980">980</span>
<span id="981">981</span>
<span id="982">982</span>
<span id="983">983</span>
<span id="984">984</span>
<span id="985">985</span>
<span id="986">986</span>
<span id="987">987</span>
<span id="988">988</span>
<span id="989">989</span>
<span id="990">990</span>
<span id="991">991</span>
<span id="992">992</span>
<span id="993">993</span>
<span id="994">994</span>
<span id="995">995</span>
<span id="996">996</span>
<span id="997">997</span>
<span id="998">998</span>
<span id="999">999</span>
<span id="1000">1000</span>
<span id="1001">1001</span>
<span id="1002">1002</span>
<span id="1003">1003</span>
<span id="1004">1004</span>
<span id="1005">1005</span>
<span id="1006">1006</span>
<span id="1007">1007</span>
<span id="1008">1008</span>
<span id="1009">1009</span>
<span id="1010">1010</span>
<span id="1011">1011</span>
<span id="1012">1012</span>
<span id="1013">1013</span>
<span id="1014">1014</span>
<span id="1015">1015</span>
<span id="1016">1016</span>
<span id="1017">1017</span>
<span id="1018">1018</span>
<span id="1019">1019</span>
<span id="1020">1020</span>
<span id="1021">1021</span>
<span id="1022">1022</span>
<span id="1023">1023</span>
<span id="1024">1024</span>
<span id="1025">1025</span>
<span id="1026">1026</span>
<span id="1027">1027</span>
<span id="1028">1028</span>
<span id="1029">1029</span>
<span id="1030">1030</span>
<span id="1031">1031</span>
<span id="1032">1032</span>
<span id="1033">1033</span>
<span id="1034">1034</span>
<span id="1035">1035</span>
<span id="1036">1036</span>
<span id="1037">1037</span>
<span id="1038">1038</span>
<span id="1039">1039</span>
<span id="1040">1040</span>
<span id="1041">1041</span>
<span id="1042">1042</span>
<span id="1043">1043</span>
<span id="1044">1044</span>
<span id="1045">1045</span>
<span id="1046">1046</span>
<span id="1047">1047</span>
<span id="1048">1048</span>
<span id="1049">1049</span>
<span id="1050">1050</span>
<span id="1051">1051</span>
<span id="1052">1052</span>
<span id="1053">1053</span>
<span id="1054">1054</span>
<span id="1055">1055</span>
<span id="1056">1056</span>
<span id="1057">1057</span>
<span id="1058">1058</span>
<span id="1059">1059</span>
<span id="1060">1060</span>
<span id="1061">1061</span>
<span id="1062">1062</span>
<span id="1063">1063</span>
<span id="1064">1064</span>
<span id="1065">1065</span>
<span id="1066">1066</span>
<span id="1067">1067</span>
<span id="1068">1068</span>
<span id="1069">1069</span>
<span id="1070">1070</span>
<span id="1071">1071</span>
<span id="1072">1072</span>
<span id="1073">1073</span>
<span id="1074">1074</span>
<span id="1075">1075</span>
<span id="1076">1076</span>
<span id="1077">1077</span>
<span id="1078">1078</span>
<span id="1079">1079</span>
<span id="1080">1080</span>
<span id="1081">1081</span>
<span id="1082">1082</span>
<span id="1083">1083</span>
<span id="1084">1084</span>
<span id="1085">1085</span>
<span id="1086">1086</span>
<span id="1087">1087</span>
<span id="1088">1088</span>
<span id="1089">1089</span>
<span id="1090">1090</span>
<span id="1091">1091</span>
<span id="1092">1092</span>
<span id="1093">1093</span>
<span id="1094">1094</span>
<span id="1095">1095</span>
<span id="1096">1096</span>
<span id="1097">1097</span>
<span id="1098">1098</span>
<span id="1099">1099</span>
<span id="1100">1100</span>
<span id="1101">1101</span>
<span id="1102">1102</span>
<span id="1103">1103</span>
<span id="1104">1104</span>
<span id="1105">1105</span>
<span id="1106">1106</span>
<span id="1107">1107</span>
<span id="1108">1108</span>
<span id="1109">1109</span>
<span id="1110">1110</span>
<span id="1111">1111</span>
<span id="1112">1112</span>
<span id="1113">1113</span>
<span id="1114">1114</span>
<span id="1115">1115</span>
<span id="1116">1116</span>
<span id="1117">1117</span>
<span id="1118">1118</span>
<span id="1119">1119</span>
<span id="1120">1120</span>
<span id="1121">1121</span>
<span id="1122">1122</span>
<span id="1123">1123</span>
<span id="1124">1124</span>
<span id="1125">1125</span>
<span id="1126">1126</span>
<span id="1127">1127</span>
<span id="1128">1128</span>
<span id="1129">1129</span>
<span id="1130">1130</span>
<span id="1131">1131</span>
<span id="1132">1132</span>
<span id="1133">1133</span>
<span id="1134">1134</span>
<span id="1135">1135</span>
<span id="1136">1136</span>
<span id="1137">1137</span>
<span id="1138">1138</span>
<span id="1139">1139</span>
<span id="1140">1140</span>
<span id="1141">1141</span>
<span id="1142">1142</span>
<span id="1143">1143</span>
<span id="1144">1144</span>
<span id="1145">1145</span>
<span id="1146">1146</span>
<span id="1147">1147</span>
<span id="1148">1148</span>
<span id="1149">1149</span>
<span id="1150">1150</span>
<span id="1151">1151</span>
<span id="1152">1152</span>
<span id="1153">1153</span>
<span id="1154">1154</span>
<span id="1155">1155</span>
<span id="1156">1156</span>
<span id="1157">1157</span>
<span id="1158">1158</span>
<span id="1159">1159</span>
<span id="1160">1160</span>
<span id="1161">1161</span>
<span id="1162">1162</span>
<span id="1163">1163</span>
<span id="1164">1164</span>
<span id="1165">1165</span>
<span id="1166">1166</span>
<span id="1167">1167</span>
<span id="1168">1168</span>
<span id="1169">1169</span>
<span id="1170">1170</span>
<span id="1171">1171</span>
<span id="1172">1172</span>
<span id="1173">1173</span>
<span id="1174">1174</span>
<span id="1175">1175</span>
<span id="1176">1176</span>
<span id="1177">1177</span>
<span id="1178">1178</span>
<span id="1179">1179</span>
<span id="1180">1180</span>
<span id="1181">1181</span>
<span id="1182">1182</span>
<span id="1183">1183</span>
<span id="1184">1184</span>
<span id="1185">1185</span>
<span id="1186">1186</span>
<span id="1187">1187</span>
<span id="1188">1188</span>
<span id="1189">1189</span>
<span id="1190">1190</span>
<span id="1191">1191</span>
<span id="1192">1192</span>
<span id="1193">1193</span>
<span id="1194">1194</span>
<span id="1195">1195</span>
<span id="1196">1196</span>
<span id="1197">1197</span>
<span id="1198">1198</span>
<span id="1199">1199</span>
<span id="1200">1200</span>
<span id="1201">1201</span>
<span id="1202">1202</span>
<span id="1203">1203</span>
<span id="1204">1204</span>
<span id="1205">1205</span>
<span id="1206">1206</span>
<span id="1207">1207</span>
<span id="1208">1208</span>
<span id="1209">1209</span>
<span id="1210">1210</span>
<span id="1211">1211</span>
<span id="1212">1212</span>
<span id="1213">1213</span>
<span id="1214">1214</span>
<span id="1215">1215</span>
<span id="1216">1216</span>
<span id="1217">1217</span>
<span id="1218">1218</span>
<span id="1219">1219</span>
<span id="1220">1220</span>
<span id="1221">1221</span>
<span id="1222">1222</span>
<span id="1223">1223</span>
<span id="1224">1224</span>
<span id="1225">1225</span>
<span id="1226">1226</span>
<span id="1227">1227</span>
<span id="1228">1228</span>
<span id="1229">1229</span>
<span id="1230">1230</span>
<span id="1231">1231</span>
<span id="1232">1232</span>
<span id="1233">1233</span>
<span id="1234">1234</span>
<span id="1235">1235</span>
<span id="1236">1236</span>
<span id="1237">1237</span>
<span id="1238">1238</span>
<span id="1239">1239</span>
<span id="1240">1240</span>
<span id="1241">1241</span>
<span id="1242">1242</span>
<span id="1243">1243</span>
<span id="1244">1244</span>
<span id="1245">1245</span>
<span id="1246">1246</span>
<span id="1247">1247</span>
<span id="1248">1248</span>
<span id="1249">1249</span>
<span id="1250">1250</span>
<span id="1251">1251</span>
<span id="1252">1252</span>
<span id="1253">1253</span>
<span id="1254">1254</span>
<span id="1255">1255</span>
<span id="1256">1256</span>
<span id="1257">1257</span>
<span id="1258">1258</span>
<span id="1259">1259</span>
<span id="1260">1260</span>
<span id="1261">1261</span>
<span id="1262">1262</span>
<span id="1263">1263</span>
<span id="1264">1264</span>
<span id="1265">1265</span>
<span id="1266">1266</span>
<span id="1267">1267</span>
<span id="1268">1268</span>
<span id="1269">1269</span>
<span id="1270">1270</span>
<span id="1271">1271</span>
<span id="1272">1272</span>
<span id="1273">1273</span>
<span id="1274">1274</span>
<span id="1275">1275</span>
<span id="1276">1276</span>
<span id="1277">1277</span>
<span id="1278">1278</span>
<span id="1279">1279</span>
<span id="1280">1280</span>
<span id="1281">1281</span>
<span id="1282">1282</span>
<span id="1283">1283</span>
<span id="1284">1284</span>
<span id="1285">1285</span>
<span id="1286">1286</span>
<span id="1287">1287</span>
<span id="1288">1288</span>
<span id="1289">1289</span>
<span id="1290">1290</span>
<span id="1291">1291</span>
<span id="1292">1292</span>
<span id="1293">1293</span>
<span id="1294">1294</span>
<span id="1295">1295</span>
<span id="1296">1296</span>
<span id="1297">1297</span>
<span id="1298">1298</span>
<span id="1299">1299</span>
<span id="1300">1300</span>
<span id="1301">1301</span>
<span id="1302">1302</span>
<span id="1303">1303</span>
<span id="1304">1304</span>
<span id="1305">1305</span>
<span id="1306">1306</span>
<span id="1307">1307</span>
<span id="1308">1308</span>
<span id="1309">1309</span>
<span id="1310">1310</span>
<span id="1311">1311</span>
<span id="1312">1312</span>
<span id="1313">1313</span>
<span id="1314">1314</span>
<span id="1315">1315</span>
<span id="1316">1316</span>
<span id="1317">1317</span>
<span id="1318">1318</span>
<span id="1319">1319</span>
<span id="1320">1320</span>
<span id="1321">1321</span>
<span id="1322">1322</span>
<span id="1323">1323</span>
<span id="1324">1324</span>
<span id="1325">1325</span>
<span id="1326">1326</span>
<span id="1327">1327</span>
<span id="1328">1328</span>
<span id="1329">1329</span>
<span id="1330">1330</span>
<span id="1331">1331</span>
<span id="1332">1332</span>
<span id="1333">1333</span>
<span id="1334">1334</span>
<span id="1335">1335</span>
<span id="1336">1336</span>
<span id="1337">1337</span>
<span id="1338">1338</span>
<span id="1339">1339</span>
<span id="1340">1340</span>
<span id="1341">1341</span>
<span id="1342">1342</span>
<span id="1343">1343</span>
<span id="1344">1344</span>
<span id="1345">1345</span>
<span id="1346">1346</span>
<span id="1347">1347</span>
<span id="1348">1348</span>
<span id="1349">1349</span>
<span id="1350">1350</span>
<span id="1351">1351</span>
<span id="1352">1352</span>
<span id="1353">1353</span>
<span id="1354">1354</span>
<span id="1355">1355</span>
<span id="1356">1356</span>
<span id="1357">1357</span>
<span id="1358">1358</span>
<span id="1359">1359</span>
<span id="1360">1360</span>
<span id="1361">1361</span>
<span id="1362">1362</span>
<span id="1363">1363</span>
<span id="1364">1364</span>
<span id="1365">1365</span>
<span id="1366">1366</span>
<span id="1367">1367</span>
<span id="1368">1368</span>
<span id="1369">1369</span>
<span id="1370">1370</span>
<span id="1371">1371</span>
<span id="1372">1372</span>
<span id="1373">1373</span>
<span id="1374">1374</span>
<span id="1375">1375</span>
<span id="1376">1376</span>
<span id="1377">1377</span>
<span id="1378">1378</span>
<span id="1379">1379</span>
<span id="1380">1380</span>
<span id="1381">1381</span>
<span id="1382">1382</span>
<span id="1383">1383</span>
<span id="1384">1384</span>
<span id="1385">1385</span>
<span id="1386">1386</span>
<span id="1387">1387</span>
<span id="1388">1388</span>
<span id="1389">1389</span>
<span id="1390">1390</span>
<span id="1391">1391</span>
<span id="1392">1392</span>
<span id="1393">1393</span>
<span id="1394">1394</span>
<span id="1395">1395</span>
<span id="1396">1396</span>
<span id="1397">1397</span>
<span id="1398">1398</span>
<span id="1399">1399</span>
<span id="1400">1400</span>
<span id="1401">1401</span>
<span id="1402">1402</span>
<span id="1403">1403</span>
<span id="1404">1404</span>
<span id="1405">1405</span>
<span id="1406">1406</span>
<span id="1407">1407</span>
<span id="1408">1408</span>
<span id="1409">1409</span>
<span id="1410">1410</span>
<span id="1411">1411</span>
<span id="1412">1412</span>
<span id="1413">1413</span>
<span id="1414">1414</span>
<span id="1415">1415</span>
<span id="1416">1416</span>
<span id="1417">1417</span>
<span id="1418">1418</span>
<span id="1419">1419</span>
<span id="1420">1420</span>
<span id="1421">1421</span>
<span id="1422">1422</span>
<span id="1423">1423</span>
<span id="1424">1424</span>
<span id="1425">1425</span>
<span id="1426">1426</span>
<span id="1427">1427</span>
<span id="1428">1428</span>
<span id="1429">1429</span>
<span id="1430">1430</span>
<span id="1431">1431</span>
<span id="1432">1432</span>
<span id="1433">1433</span>
<span id="1434">1434</span>
<span id="1435">1435</span>
<span id="1436">1436</span>
<span id="1437">1437</span>
<span id="1438">1438</span>
<span id="1439">1439</span>
<span id="1440">1440</span>
<span id="1441">1441</span>
<span id="1442">1442</span>
<span id="1443">1443</span>
<span id="1444">1444</span>
<span id="1445">1445</span>
<span id="1446">1446</span>
<span id="1447">1447</span>
<span id="1448">1448</span>
<span id="1449">1449</span>
<span id="1450">1450</span>
<span id="1451">1451</span>
<span id="1452">1452</span>
<span id="1453">1453</span>
<span id="1454">1454</span>
<span id="1455">1455</span>
<span id="1456">1456</span>
<span id="1457">1457</span>
<span id="1458">1458</span>
<span id="1459">1459</span>
<span id="1460">1460</span>
<span id="1461">1461</span>
<span id="1462">1462</span>
<span id="1463">1463</span>
<span id="1464">1464</span>
<span id="1465">1465</span>
<span id="1466">1466</span>
<span id="1467">1467</span>
<span id="1468">1468</span>
<span id="1469">1469</span>
<span id="1470">1470</span>
<span id="1471">1471</span>
<span id="1472">1472</span>
<span id="1473">1473</span>
<span id="1474">1474</span>
<span id="1475">1475</span>
<span id="1476">1476</span>
<span id="1477">1477</span>
<span id="1478">1478</span>
<span id="1479">1479</span>
<span id="1480">1480</span>
<span id="1481">1481</span>
<span id="1482">1482</span>
<span id="1483">1483</span>
<span id="1484">1484</span>
<span id="1485">1485</span>
<span id="1486">1486</span>
<span id="1487">1487</span>
<span id="1488">1488</span>
<span id="1489">1489</span>
<span id="1490">1490</span>
<span id="1491">1491</span>
<span id="1492">1492</span>
<span id="1493">1493</span>
<span id="1494">1494</span>
<span id="1495">1495</span>
<span id="1496">1496</span>
<span id="1497">1497</span>
<span id="1498">1498</span>
<span id="1499">1499</span>
<span id="1500">1500</span>
<span id="1501">1501</span>
<span id="1502">1502</span>
<span id="1503">1503</span>
<span id="1504">1504</span>
<span id="1505">1505</span>
<span id="1506">1506</span>
<span id="1507">1507</span>
<span id="1508">1508</span>
<span id="1509">1509</span>
<span id="1510">1510</span>
<span id="1511">1511</span>
<span id="1512">1512</span>
<span id="1513">1513</span>
<span id="1514">1514</span>
<span id="1515">1515</span>
<span id="1516">1516</span>
<span id="1517">1517</span>
<span id="1518">1518</span>
<span id="1519">1519</span>
<span id="1520">1520</span>
<span id="1521">1521</span>
<span id="1522">1522</span>
<span id="1523">1523</span>
<span id="1524">1524</span>
<span id="1525">1525</span>
<span id="1526">1526</span>
<span id="1527">1527</span>
<span id="1528">1528</span>
<span id="1529">1529</span>
<span id="1530">1530</span>
<span id="1531">1531</span>
<span id="1532">1532</span>
<span id="1533">1533</span>
<span id="1534">1534</span>
<span id="1535">1535</span>
<span id="1536">1536</span>
<span id="1537">1537</span>
<span id="1538">1538</span>
<span id="1539">1539</span>
<span id="1540">1540</span>
<span id="1541">1541</span>
<span id="1542">1542</span>
<span id="1543">1543</span>
<span id="1544">1544</span>
<span id="1545">1545</span>
<span id="1546">1546</span>
<span id="1547">1547</span>
<span id="1548">1548</span>
<span id="1549">1549</span>
<span id="1550">1550</span>
<span id="1551">1551</span>
<span id="1552">1552</span>
<span id="1553">1553</span>
<span id="1554">1554</span>
<span id="1555">1555</span>
<span id="1556">1556</span>
<span id="1557">1557</span>
<span id="1558">1558</span>
<span id="1559">1559</span>
<span id="1560">1560</span>
<span id="1561">1561</span>
<span id="1562">1562</span>
<span id="1563">1563</span>
<span id="1564">1564</span>
<span id="1565">1565</span>
<span id="1566">1566</span>
<span id="1567">1567</span>
<span id="1568">1568</span>
<span id="1569">1569</span>
<span id="1570">1570</span>
<span id="1571">1571</span>
<span id="1572">1572</span>
<span id="1573">1573</span>
<span id="1574">1574</span>
<span id="1575">1575</span>
<span id="1576">1576</span>
<span id="1577">1577</span>
<span id="1578">1578</span>
<span id="1579">1579</span>
<span id="1580">1580</span>
<span id="1581">1581</span>
<span id="1582">1582</span>
<span id="1583">1583</span>
<span id="1584">1584</span>
<span id="1585">1585</span>
<span id="1586">1586</span>
<span id="1587">1587</span>
<span id="1588">1588</span>
<span id="1589">1589</span>
<span id="1590">1590</span>
<span id="1591">1591</span>
<span id="1592">1592</span>
<span id="1593">1593</span>
<span id="1594">1594</span>
<span id="1595">1595</span>
<span id="1596">1596</span>
<span id="1597">1597</span>
<span id="1598">1598</span>
<span id="1599">1599</span>
<span id="1600">1600</span>
<span id="1601">1601</span>
<span id="1602">1602</span>
<span id="1603">1603</span>
<span id="1604">1604</span>
<span id="1605">1605</span>
<span id="1606">1606</span>
<span id="1607">1607</span>
<span id="1608">1608</span>
<span id="1609">1609</span>
<span id="1610">1610</span>
<span id="1611">1611</span>
<span id="1612">1612</span>
<span id="1613">1613</span>
<span id="1614">1614</span>
<span id="1615">1615</span>
<span id="1616">1616</span>
<span id="1617">1617</span>
<span id="1618">1618</span>
<span id="1619">1619</span>
<span id="1620">1620</span>
<span id="1621">1621</span>
<span id="1622">1622</span>
<span id="1623">1623</span>
<span id="1624">1624</span>
<span id="1625">1625</span>
<span id="1626">1626</span>
<span id="1627">1627</span>
<span id="1628">1628</span>
<span id="1629">1629</span>
<span id="1630">1630</span>
<span id="1631">1631</span>
<span id="1632">1632</span>
<span id="1633">1633</span>
<span id="1634">1634</span>
<span id="1635">1635</span>
<span id="1636">1636</span>
<span id="1637">1637</span>
<span id="1638">1638</span>
<span id="1639">1639</span>
<span id="1640">1640</span>
<span id="1641">1641</span>
<span id="1642">1642</span>
<span id="1643">1643</span>
<span id="1644">1644</span>
<span id="1645">1645</span>
<span id="1646">1646</span>
<span id="1647">1647</span>
<span id="1648">1648</span>
<span id="1649">1649</span>
<span id="1650">1650</span>
<span id="1651">1651</span>
<span id="1652">1652</span>
<span id="1653">1653</span>
<span id="1654">1654</span>
<span id="1655">1655</span>
<span id="1656">1656</span>
<span id="1657">1657</span>
<span id="1658">1658</span>
<span id="1659">1659</span>
<span id="1660">1660</span>
<span id="1661">1661</span>
<span id="1662">1662</span>
<span id="1663">1663</span>
<span id="1664">1664</span>
<span id="1665">1665</span>
<span id="1666">1666</span>
<span id="1667">1667</span>
<span id="1668">1668</span>
<span id="1669">1669</span>
<span id="1670">1670</span>
<span id="1671">1671</span>
<span id="1672">1672</span>
<span id="1673">1673</span>
<span id="1674">1674</span>
<span id="1675">1675</span>
<span id="1676">1676</span>
<span id="1677">1677</span>
<span id="1678">1678</span>
<span id="1679">1679</span>
<span id="1680">1680</span>
<span id="1681">1681</span>
<span id="1682">1682</span>
<span id="1683">1683</span>
<span id="1684">1684</span>
<span id="1685">1685</span>
<span id="1686">1686</span>
<span id="1687">1687</span>
<span id="1688">1688</span>
<span id="1689">1689</span>
<span id="1690">1690</span>
<span id="1691">1691</span>
<span id="1692">1692</span>
<span id="1693">1693</span>
<span id="1694">1694</span>
<span id="1695">1695</span>
<span id="1696">1696</span>
<span id="1697">1697</span>
<span id="1698">1698</span>
<span id="1699">1699</span>
<span id="1700">1700</span>
<span id="1701">1701</span>
<span id="1702">1702</span>
<span id="1703">1703</span>
<span id="1704">1704</span>
<span id="1705">1705</span>
<span id="1706">1706</span>
<span id="1707">1707</span>
<span id="1708">1708</span>
<span id="1709">1709</span>
<span id="1710">1710</span>
<span id="1711">1711</span>
<span id="1712">1712</span>
<span id="1713">1713</span>
<span id="1714">1714</span>
<span id="1715">1715</span>
<span id="1716">1716</span>
<span id="1717">1717</span>
<span id="1718">1718</span>
<span id="1719">1719</span>
<span id="1720">1720</span>
<span id="1721">1721</span>
<span id="1722">1722</span>
<span id="1723">1723</span>
<span id="1724">1724</span>
<span id="1725">1725</span>
<span id="1726">1726</span>
<span id="1727">1727</span>
<span id="1728">1728</span>
<span id="1729">1729</span>
<span id="1730">1730</span>
<span id="1731">1731</span>
<span id="1732">1732</span>
<span id="1733">1733</span>
<span id="1734">1734</span>
<span id="1735">1735</span>
<span id="1736">1736</span>
<span id="1737">1737</span>
<span id="1738">1738</span>
<span id="1739">1739</span>
<span id="1740">1740</span>
<span id="1741">1741</span>
<span id="1742">1742</span>
<span id="1743">1743</span>
<span id="1744">1744</span>
<span id="1745">1745</span>
<span id="1746">1746</span>
<span id="1747">1747</span>
<span id="1748">1748</span>
<span id="1749">1749</span>
<span id="1750">1750</span>
<span id="1751">1751</span>
<span id="1752">1752</span>
<span id="1753">1753</span>
<span id="1754">1754</span>
<span id="1755">1755</span>
<span id="1756">1756</span>
<span id="1757">1757</span>
<span id="1758">1758</span>
<span id="1759">1759</span>
<span id="1760">1760</span>
<span id="1761">1761</span>
<span id="1762">1762</span>
<span id="1763">1763</span>
<span id="1764">1764</span>
<span id="1765">1765</span>
<span id="1766">1766</span>
<span id="1767">1767</span>
<span id="1768">1768</span>
<span id="1769">1769</span>
<span id="1770">1770</span>
<span id="1771">1771</span>
<span id="1772">1772</span>
<span id="1773">1773</span>
<span id="1774">1774</span>
<span id="1775">1775</span>
<span id="1776">1776</span>
<span id="1777">1777</span>
<span id="1778">1778</span>
<span id="1779">1779</span>
<span id="1780">1780</span>
<span id="1781">1781</span>
<span id="1782">1782</span>
<span id="1783">1783</span>
<span id="1784">1784</span>
<span id="1785">1785</span>
<span id="1786">1786</span>
<span id="1787">1787</span>
<span id="1788">1788</span>
<span id="1789">1789</span>
<span id="1790">1790</span>
<span id="1791">1791</span>
<span id="1792">1792</span>
<span id="1793">1793</span>
<span id="1794">1794</span>
<span id="1795">1795</span>
<span id="1796">1796</span>
<span id="1797">1797</span>
<span id="1798">1798</span>
<span id="1799">1799</span>
<span id="1800">1800</span>
<span id="1801">1801</span>
<span id="1802">1802</span>
<span id="1803">1803</span>
<span id="1804">1804</span>
<span id="1805">1805</span>
<span id="1806">1806</span>
<span id="1807">1807</span>
<span id="1808">1808</span>
<span id="1809">1809</span>
<span id="1810">1810</span>
<span id="1811">1811</span>
<span id="1812">1812</span>
<span id="1813">1813</span>
<span id="1814">1814</span>
<span id="1815">1815</span>
<span id="1816">1816</span>
<span id="1817">1817</span>
<span id="1818">1818</span>
<span id="1819">1819</span>
<span id="1820">1820</span>
<span id="1821">1821</span>
<span id="1822">1822</span>
<span id="1823">1823</span>
<span id="1824">1824</span>
<span id="1825">1825</span>
<span id="1826">1826</span>
<span id="1827">1827</span>
<span id="1828">1828</span>
<span id="1829">1829</span>
<span id="1830">1830</span>
<span id="1831">1831</span>
<span id="1832">1832</span>
<span id="1833">1833</span>
<span id="1834">1834</span>
<span id="1835">1835</span>
<span id="1836">1836</span>
<span id="1837">1837</span>
<span id="1838">1838</span>
<span id="1839">1839</span>
<span id="1840">1840</span>
<span id="1841">1841</span>
<span id="1842">1842</span>
<span id="1843">1843</span>
<span id="1844">1844</span>
<span id="1845">1845</span>
<span id="1846">1846</span>
<span id="1847">1847</span>
<span id="1848">1848</span>
<span id="1849">1849</span>
<span id="1850">1850</span>
<span id="1851">1851</span>
<span id="1852">1852</span>
<span id="1853">1853</span>
<span id="1854">1854</span>
<span id="1855">1855</span>
<span id="1856">1856</span>
<span id="1857">1857</span>
<span id="1858">1858</span>
<span id="1859">1859</span>
<span id="1860">1860</span>
<span id="1861">1861</span>
<span id="1862">1862</span>
<span id="1863">1863</span>
<span id="1864">1864</span>
<span id="1865">1865</span>
<span id="1866">1866</span>
<span id="1867">1867</span>
<span id="1868">1868</span>
<span id="1869">1869</span>
<span id="1870">1870</span>
<span id="1871">1871</span>
<span id="1872">1872</span>
<span id="1873">1873</span>
<span id="1874">1874</span>
<span id="1875">1875</span>
<span id="1876">1876</span>
<span id="1877">1877</span>
<span id="1878">1878</span>
<span id="1879">1879</span>
<span id="1880">1880</span>
<span id="1881">1881</span>
<span id="1882">1882</span>
<span id="1883">1883</span>
<span id="1884">1884</span>
<span id="1885">1885</span>
<span id="1886">1886</span>
<span id="1887">1887</span>
<span id="1888">1888</span>
<span id="1889">1889</span>
<span id="1890">1890</span>
<span id="1891">1891</span>
<span id="1892">1892</span>
<span id="1893">1893</span>
<span id="1894">1894</span>
<span id="1895">1895</span>
<span id="1896">1896</span>
<span id="1897">1897</span>
<span id="1898">1898</span>
<span id="1899">1899</span>
<span id="1900">1900</span>
<span id="1901">1901</span>
<span id="1902">1902</span>
<span id="1903">1903</span>
<span id="1904">1904</span>
<span id="1905">1905</span>
<span id="1906">1906</span>
<span id="1907">1907</span>
<span id="1908">1908</span>
<span id="1909">1909</span>
<span id="1910">1910</span>
<span id="1911">1911</span>
<span id="1912">1912</span>
<span id="1913">1913</span>
<span id="1914">1914</span>
<span id="1915">1915</span>
<span id="1916">1916</span>
<span id="1917">1917</span>
<span id="1918">1918</span>
<span id="1919">1919</span>
<span id="1920">1920</span>
<span id="1921">1921</span>
<span id="1922">1922</span>
<span id="1923">1923</span>
<span id="1924">1924</span>
<span id="1925">1925</span>
<span id="1926">1926</span>
<span id="1927">1927</span>
<span id="1928">1928</span>
<span id="1929">1929</span>
<span id="1930">1930</span>
<span id="1931">1931</span>
<span id="1932">1932</span>
<span id="1933">1933</span>
<span id="1934">1934</span>
<span id="1935">1935</span>
<span id="1936">1936</span>
<span id="1937">1937</span>
<span id="1938">1938</span>
<span id="1939">1939</span>
<span id="1940">1940</span>
<span id="1941">1941</span>
<span id="1942">1942</span>
<span id="1943">1943</span>
<span id="1944">1944</span>
<span id="1945">1945</span>
<span id="1946">1946</span>
<span id="1947">1947</span>
<span id="1948">1948</span>
<span id="1949">1949</span>
<span id="1950">1950</span>
<span id="1951">1951</span>
<span id="1952">1952</span>
<span id="1953">1953</span>
<span id="1954">1954</span>
<span id="1955">1955</span>
<span id="1956">1956</span>
<span id="1957">1957</span>
<span id="1958">1958</span>
<span id="1959">1959</span>
<span id="1960">1960</span>
<span id="1961">1961</span>
<span id="1962">1962</span>
<span id="1963">1963</span>
<span id="1964">1964</span>
<span id="1965">1965</span>
<span id="1966">1966</span>
<span id="1967">1967</span>
<span id="1968">1968</span>
<span id="1969">1969</span>
<span id="1970">1970</span>
<span id="1971">1971</span>
<span id="1972">1972</span>
<span id="1973">1973</span>
<span id="1974">1974</span>
<span id="1975">1975</span>
<span id="1976">1976</span>
<span id="1977">1977</span>
<span id="1978">1978</span>
<span id="1979">1979</span>
<span id="1980">1980</span>
<span id="1981">1981</span>
<span id="1982">1982</span>
<span id="1983">1983</span>
<span id="1984">1984</span>
<span id="1985">1985</span>
<span id="1986">1986</span>
<span id="1987">1987</span>
<span id="1988">1988</span>
<span id="1989">1989</span>
<span id="1990">1990</span>
<span id="1991">1991</span>
<span id="1992">1992</span>
<span id="1993">1993</span>
<span id="1994">1994</span>
<span id="1995">1995</span>
<span id="1996">1996</span>
<span id="1997">1997</span>
<span id="1998">1998</span>
<span id="1999">1999</span>
<span id="2000">2000</span>
<span id="2001">2001</span>
<span id="2002">2002</span>
<span id="2003">2003</span>
<span id="2004">2004</span>
<span id="2005">2005</span>
<span id="2006">2006</span>
<span id="2007">2007</span>
<span id="2008">2008</span>
<span id="2009">2009</span>
<span id="2010">2010</span>
<span id="2011">2011</span>
<span id="2012">2012</span>
<span id="2013">2013</span>
<span id="2014">2014</span>
<span id="2015">2015</span>
<span id="2016">2016</span>
<span id="2017">2017</span>
<span id="2018">2018</span>
<span id="2019">2019</span>
<span id="2020">2020</span>
<span id="2021">2021</span>
<span id="2022">2022</span>
<span id="2023">2023</span>
<span id="2024">2024</span>
<span id="2025">2025</span>
<span id="2026">2026</span>
<span id="2027">2027</span>
<span id="2028">2028</span>
<span id="2029">2029</span>
<span id="2030">2030</span>
<span id="2031">2031</span>
<span id="2032">2032</span>
<span id="2033">2033</span>
<span id="2034">2034</span>
<span id="2035">2035</span>
<span id="2036">2036</span>
<span id="2037">2037</span>
<span id="2038">2038</span>
<span id="2039">2039</span>
<span id="2040">2040</span>
<span id="2041">2041</span>
<span id="2042">2042</span>
<span id="2043">2043</span>
<span id="2044">2044</span>
<span id="2045">2045</span>
<span id="2046">2046</span>
<span id="2047">2047</span>
<span id="2048">2048</span>
<span id="2049">2049</span>
<span id="2050">2050</span>
<span id="2051">2051</span>
<span id="2052">2052</span>
<span id="2053">2053</span>
<span id="2054">2054</span>
<span id="2055">2055</span>
<span id="2056">2056</span>
<span id="2057">2057</span>
<span id="2058">2058</span>
<span id="2059">2059</span>
<span id="2060">2060</span>
<span id="2061">2061</span>
<span id="2062">2062</span>
<span id="2063">2063</span>
<span id="2064">2064</span>
<span id="2065">2065</span>
<span id="2066">2066</span>
<span id="2067">2067</span>
<span id="2068">2068</span>
<span id="2069">2069</span>
<span id="2070">2070</span>
<span id="2071">2071</span>
<span id="2072">2072</span>
<span id="2073">2073</span>
<span id="2074">2074</span>
<span id="2075">2075</span>
<span id="2076">2076</span>
<span id="2077">2077</span>
<span id="2078">2078</span>
<span id="2079">2079</span>
<span id="2080">2080</span>
<span id="2081">2081</span>
<span id="2082">2082</span>
<span id="2083">2083</span>
<span id="2084">2084</span>
<span id="2085">2085</span>
<span id="2086">2086</span>
<span id="2087">2087</span>
<span id="2088">2088</span>
<span id="2089">2089</span>
<span id="2090">2090</span>
<span id="2091">2091</span>
<span id="2092">2092</span>
<span id="2093">2093</span>
<span id="2094">2094</span>
<span id="2095">2095</span>
<span id="2096">2096</span>
<span id="2097">2097</span>
<span id="2098">2098</span>
<span id="2099">2099</span>
<span id="2100">2100</span>
<span id="2101">2101</span>
<span id="2102">2102</span>
<span id="2103">2103</span>
<span id="2104">2104</span>
<span id="2105">2105</span>
<span id="2106">2106</span>
<span id="2107">2107</span>
<span id="2108">2108</span>
<span id="2109">2109</span>
<span id="2110">2110</span>
<span id="2111">2111</span>
<span id="2112">2112</span>
<span id="2113">2113</span>
<span id="2114">2114</span>
<span id="2115">2115</span>
<span id="2116">2116</span>
<span id="2117">2117</span>
<span id="2118">2118</span>
<span id="2119">2119</span>
<span id="2120">2120</span>
<span id="2121">2121</span>
<span id="2122">2122</span>
<span id="2123">2123</span>
<span id="2124">2124</span>
<span id="2125">2125</span>
<span id="2126">2126</span>
<span id="2127">2127</span>
<span id="2128">2128</span>
<span id="2129">2129</span>
<span id="2130">2130</span>
<span id="2131">2131</span>
<span id="2132">2132</span>
<span id="2133">2133</span>
<span id="2134">2134</span>
<span id="2135">2135</span>
<span id="2136">2136</span>
<span id="2137">2137</span>
<span id="2138">2138</span>
<span id="2139">2139</span>
<span id="2140">2140</span>
<span id="2141">2141</span>
<span id="2142">2142</span>
<span id="2143">2143</span>
<span id="2144">2144</span>
<span id="2145">2145</span>
<span id="2146">2146</span>
<span id="2147">2147</span>
<span id="2148">2148</span>
<span id="2149">2149</span>
<span id="2150">2150</span>
<span id="2151">2151</span>
<span id="2152">2152</span>
<span id="2153">2153</span>
<span id="2154">2154</span>
<span id="2155">2155</span>
<span id="2156">2156</span>
<span id="2157">2157</span>
<span id="2158">2158</span>
<span id="2159">2159</span>
<span id="2160">2160</span>
<span id="2161">2161</span>
<span id="2162">2162</span>
<span id="2163">2163</span>
<span id="2164">2164</span>
<span id="2165">2165</span>
<span id="2166">2166</span>
<span id="2167">2167</span>
<span id="2168">2168</span>
<span id="2169">2169</span>
<span id="2170">2170</span>
<span id="2171">2171</span>
<span id="2172">2172</span>
<span id="2173">2173</span>
<span id="2174">2174</span>
<span id="2175">2175</span>
<span id="2176">2176</span>
<span id="2177">2177</span>
<span id="2178">2178</span>
<span id="2179">2179</span>
<span id="2180">2180</span>
<span id="2181">2181</span>
<span id="2182">2182</span>
<span id="2183">2183</span>
<span id="2184">2184</span>
<span id="2185">2185</span>
<span id="2186">2186</span>
<span id="2187">2187</span>
<span id="2188">2188</span>
<span id="2189">2189</span>
<span id="2190">2190</span>
<span id="2191">2191</span>
<span id="2192">2192</span>
<span id="2193">2193</span>
<span id="2194">2194</span>
<span id="2195">2195</span>
<span id="2196">2196</span>
<span id="2197">2197</span>
<span id="2198">2198</span>
<span id="2199">2199</span>
<span id="2200">2200</span>
<span id="2201">2201</span>
<span id="2202">2202</span>
<span id="2203">2203</span>
<span id="2204">2204</span>
<span id="2205">2205</span>
<span id="2206">2206</span>
<span id="2207">2207</span>
<span id="2208">2208</span>
<span id="2209">2209</span>
<span id="2210">2210</span>
<span id="2211">2211</span>
<span id="2212">2212</span>
<span id="2213">2213</span>
<span id="2214">2214</span>
<span id="2215">2215</span>
<span id="2216">2216</span>
<span id="2217">2217</span>
<span id="2218">2218</span>
<span id="2219">2219</span>
<span id="2220">2220</span>
<span id="2221">2221</span>
<span id="2222">2222</span>
<span id="2223">2223</span>
<span id="2224">2224</span>
<span id="2225">2225</span>
<span id="2226">2226</span>
<span id="2227">2227</span>
<span id="2228">2228</span>
<span id="2229">2229</span>
<span id="2230">2230</span>
<span id="2231">2231</span>
<span id="2232">2232</span>
<span id="2233">2233</span>
<span id="2234">2234</span>
<span id="2235">2235</span>
<span id="2236">2236</span>
<span id="2237">2237</span>
<span id="2238">2238</span>
<span id="2239">2239</span>
<span id="2240">2240</span>
<span id="2241">2241</span>
<span id="2242">2242</span>
<span id="2243">2243</span>
<span id="2244">2244</span>
<span id="2245">2245</span>
<span id="2246">2246</span>
<span id="2247">2247</span>
<span id="2248">2248</span>
<span id="2249">2249</span>
<span id="2250">2250</span>
<span id="2251">2251</span>
<span id="2252">2252</span>
<span id="2253">2253</span>
<span id="2254">2254</span>
<span id="2255">2255</span>
<span id="2256">2256</span>
<span id="2257">2257</span>
<span id="2258">2258</span>
<span id="2259">2259</span>
<span id="2260">2260</span>
<span id="2261">2261</span>
<span id="2262">2262</span>
<span id="2263">2263</span>
<span id="2264">2264</span>
<span id="2265">2265</span>
<span id="2266">2266</span>
<span id="2267">2267</span>
<span id="2268">2268</span>
<span id="2269">2269</span>
<span id="2270">2270</span>
<span id="2271">2271</span>
<span id="2272">2272</span>
<span id="2273">2273</span>
<span id="2274">2274</span>
<span id="2275">2275</span>
<span id="2276">2276</span>
<span id="2277">2277</span>
<span id="2278">2278</span>
<span id="2279">2279</span>
<span id="2280">2280</span>
<span id="2281">2281</span>
<span id="2282">2282</span>
<span id="2283">2283</span>
<span id="2284">2284</span>
<span id="2285">2285</span>
<span id="2286">2286</span>
<span id="2287">2287</span>
<span id="2288">2288</span>
<span id="2289">2289</span>
<span id="2290">2290</span>
<span id="2291">2291</span>
<span id="2292">2292</span>
<span id="2293">2293</span>
<span id="2294">2294</span>
<span id="2295">2295</span>
<span id="2296">2296</span>
<span id="2297">2297</span>
<span id="2298">2298</span>
<span id="2299">2299</span>
<span id="2300">2300</span>
<span id="2301">2301</span>
<span id="2302">2302</span>
<span id="2303">2303</span>
<span id="2304">2304</span>
<span id="2305">2305</span>
<span id="2306">2306</span>
<span id="2307">2307</span>
<span id="2308">2308</span>
<span id="2309">2309</span>
<span id="2310">2310</span>
<span id="2311">2311</span>
<span id="2312">2312</span>
<span id="2313">2313</span>
<span id="2314">2314</span>
<span id="2315">2315</span>
<span id="2316">2316</span>
<span id="2317">2317</span>
<span id="2318">2318</span>
<span id="2319">2319</span>
<span id="2320">2320</span>
<span id="2321">2321</span>
<span id="2322">2322</span>
<span id="2323">2323</span>
<span id="2324">2324</span>
<span id="2325">2325</span>
<span id="2326">2326</span>
<span id="2327">2327</span>
<span id="2328">2328</span>
<span id="2329">2329</span>
<span id="2330">2330</span>
<span id="2331">2331</span>
<span id="2332">2332</span>
<span id="2333">2333</span>
<span id="2334">2334</span>
<span id="2335">2335</span>
<span id="2336">2336</span>
<span id="2337">2337</span>
<span id="2338">2338</span>
<span id="2339">2339</span>
<span id="2340">2340</span>
<span id="2341">2341</span>
<span id="2342">2342</span>
<span id="2343">2343</span>
<span id="2344">2344</span>
<span id="2345">2345</span>
<span id="2346">2346</span>
<span id="2347">2347</span>
<span id="2348">2348</span>
<span id="2349">2349</span>
<span id="2350">2350</span>
<span id="2351">2351</span>
<span id="2352">2352</span>
<span id="2353">2353</span>
<span id="2354">2354</span>
<span id="2355">2355</span>
<span id="2356">2356</span>
<span id="2357">2357</span>
<span id="2358">2358</span>
<span id="2359">2359</span>
<span id="2360">2360</span>
<span id="2361">2361</span>
<span id="2362">2362</span>
<span id="2363">2363</span>
<span id="2364">2364</span>
<span id="2365">2365</span>
<span id="2366">2366</span>
<span id="2367">2367</span>
<span id="2368">2368</span>
<span id="2369">2369</span>
<span id="2370">2370</span>
<span id="2371">2371</span>
<span id="2372">2372</span>
<span id="2373">2373</span>
<span id="2374">2374</span>
<span id="2375">2375</span>
<span id="2376">2376</span>
<span id="2377">2377</span>
<span id="2378">2378</span>
<span id="2379">2379</span>
<span id="2380">2380</span>
<span id="2381">2381</span>
<span id="2382">2382</span>
<span id="2383">2383</span>
<span id="2384">2384</span>
<span id="2385">2385</span>
<span id="2386">2386</span>
<span id="2387">2387</span>
<span id="2388">2388</span>
<span id="2389">2389</span>
<span id="2390">2390</span>
<span id="2391">2391</span>
<span id="2392">2392</span>
<span id="2393">2393</span>
<span id="2394">2394</span>
<span id="2395">2395</span>
<span id="2396">2396</span>
<span id="2397">2397</span>
<span id="2398">2398</span>
<span id="2399">2399</span>
<span id="2400">2400</span>
<span id="2401">2401</span>
<span id="2402">2402</span>
<span id="2403">2403</span>
<span id="2404">2404</span>
<span id="2405">2405</span>
<span id="2406">2406</span>
<span id="2407">2407</span>
<span id="2408">2408</span>
<span id="2409">2409</span>
<span id="2410">2410</span>
<span id="2411">2411</span>
<span id="2412">2412</span>
<span id="2413">2413</span>
<span id="2414">2414</span>
<span id="2415">2415</span>
<span id="2416">2416</span>
<span id="2417">2417</span>
<span id="2418">2418</span>
<span id="2419">2419</span>
<span id="2420">2420</span>
<span id="2421">2421</span>
<span id="2422">2422</span>
<span id="2423">2423</span>
<span id="2424">2424</span>
<span id="2425">2425</span>
<span id="2426">2426</span>
<span id="2427">2427</span>
<span id="2428">2428</span>
<span id="2429">2429</span>
<span id="2430">2430</span>
<span id="2431">2431</span>
<span id="2432">2432</span>
<span id="2433">2433</span>
<span id="2434">2434</span>
<span id="2435">2435</span>
<span id="2436">2436</span>
<span id="2437">2437</span>
<span id="2438">2438</span>
<span id="2439">2439</span>
<span id="2440">2440</span>
<span id="2441">2441</span>
<span id="2442">2442</span>
<span id="2443">2443</span>
<span id="2444">2444</span>
<span id="2445">2445</span>
<span id="2446">2446</span>
<span id="2447">2447</span>
<span id="2448">2448</span>
<span id="2449">2449</span>
<span id="2450">2450</span>
<span id="2451">2451</span>
<span id="2452">2452</span>
<span id="2453">2453</span>
<span id="2454">2454</span>
<span id="2455">2455</span>
<span id="2456">2456</span>
<span id="2457">2457</span>
<span id="2458">2458</span>
<span id="2459">2459</span>
<span id="2460">2460</span>
<span id="2461">2461</span>
<span id="2462">2462</span>
<span id="2463">2463</span>
<span id="2464">2464</span>
<span id="2465">2465</span>
<span id="2466">2466</span>
<span id="2467">2467</span>
<span id="2468">2468</span>
<span id="2469">2469</span>
<span id="2470">2470</span>
<span id="2471">2471</span>
<span id="2472">2472</span>
<span id="2473">2473</span>
<span id="2474">2474</span>
<span id="2475">2475</span>
<span id="2476">2476</span>
<span id="2477">2477</span>
<span id="2478">2478</span>
<span id="2479">2479</span>
<span id="2480">2480</span>
<span id="2481">2481</span>
<span id="2482">2482</span>
<span id="2483">2483</span>
<span id="2484">2484</span>
<span id="2485">2485</span>
<span id="2486">2486</span>
<span id="2487">2487</span>
<span id="2488">2488</span>
<span id="2489">2489</span>
<span id="2490">2490</span>
<span id="2491">2491</span>
<span id="2492">2492</span>
<span id="2493">2493</span>
<span id="2494">2494</span>
<span id="2495">2495</span>
<span id="2496">2496</span>
<span id="2497">2497</span>
<span id="2498">2498</span>
<span id="2499">2499</span>
<span id="2500">2500</span>
<span id="2501">2501</span>
<span id="2502">2502</span>
<span id="2503">2503</span>
<span id="2504">2504</span>
<span id="2505">2505</span>
<span id="2506">2506</span>
<span id="2507">2507</span>
<span id="2508">2508</span>
<span id="2509">2509</span>
<span id="2510">2510</span>
<span id="2511">2511</span>
<span id="2512">2512</span>
<span id="2513">2513</span>
<span id="2514">2514</span>
<span id="2515">2515</span>
<span id="2516">2516</span>
<span id="2517">2517</span>
<span id="2518">2518</span>
<span id="2519">2519</span>
<span id="2520">2520</span>
<span id="2521">2521</span>
<span id="2522">2522</span>
<span id="2523">2523</span>
<span id="2524">2524</span>
<span id="2525">2525</span>
<span id="2526">2526</span>
<span id="2527">2527</span>
<span id="2528">2528</span>
<span id="2529">2529</span>
<span id="2530">2530</span>
<span id="2531">2531</span>
<span id="2532">2532</span>
<span id="2533">2533</span>
</pre><pre class="rust"><code><span class="doccomment">//! The standard defining the format of public key certificates.
//!
//! An `X509` certificate binds an identity to a public key, and is either
//! signed by a certificate authority (CA) or self-signed. An entity that gets
//! a hold of a certificate can both verify your identity (via a CA) and encrypt
//! data with the included public key. `X509` certificates are used in many
//! Internet protocols, including SSL/TLS, which is the basis for HTTPS,
//! the secure protocol for browsing the web.
</span><span class="kw">use </span>cfg_if::cfg_if;
<span class="kw">use </span>foreign_types::{ForeignType, ForeignTypeRef, Opaque};
<span class="kw">use </span>libc::{c_int, c_long, c_uint, c_void};
<span class="kw">use </span>std::cmp::{<span class="self">self</span>, Ordering};
<span class="kw">use </span>std::convert::{TryFrom, TryInto};
<span class="kw">use </span>std::error::Error;
<span class="kw">use </span>std::ffi::{CStr, CString};
<span class="kw">use </span>std::fmt;
<span class="kw">use </span>std::marker::PhantomData;
<span class="kw">use </span>std::mem;
<span class="kw">use </span>std::net::IpAddr;
<span class="kw">use </span>std::path::Path;
<span class="kw">use </span>std::ptr;
<span class="kw">use </span>std::slice;
<span class="kw">use </span>std::str;
<span class="kw">use </span><span class="kw">crate</span>::asn1::{
Asn1BitStringRef, Asn1Enumerated, Asn1IntegerRef, Asn1Object, Asn1ObjectRef,
Asn1OctetStringRef, Asn1StringRef, Asn1TimeRef, Asn1Type,
};
<span class="kw">use </span><span class="kw">crate</span>::bio::MemBioSlice;
<span class="kw">use </span><span class="kw">crate</span>::conf::ConfRef;
<span class="kw">use </span><span class="kw">crate</span>::error::ErrorStack;
<span class="kw">use </span><span class="kw">crate</span>::ex_data::Index;
<span class="kw">use </span><span class="kw">crate</span>::hash::{DigestBytes, MessageDigest};
<span class="kw">use </span><span class="kw">crate</span>::nid::Nid;
<span class="kw">use </span><span class="kw">crate</span>::pkey::{HasPrivate, HasPublic, PKey, PKeyRef, Public};
<span class="kw">use </span><span class="kw">crate</span>::ssl::SslRef;
<span class="kw">use </span><span class="kw">crate</span>::stack::{Stack, StackRef, Stackable};
<span class="kw">use </span><span class="kw">crate</span>::string::OpensslString;
<span class="kw">use </span><span class="kw">crate</span>::util::{ForeignTypeExt, ForeignTypeRefExt};
<span class="kw">use crate</span>::{cvt, cvt_n, cvt_p};
<span class="kw">use </span>openssl_macros::corresponds;
<span class="attribute">#[cfg(any(ossl102, libressl261))]
</span><span class="kw">pub mod </span>verify;
<span class="kw">pub mod </span>extension;
<span class="kw">pub mod </span>store;
<span class="attribute">#[cfg(test)]
</span><span class="kw">mod </span>tests;
<span class="doccomment">/// A type of X509 extension.
///
/// # Safety
/// The value of NID and Output must match those in OpenSSL so that
/// `Output::from_ptr_opt(*_get_ext_d2i(*, NID, ...))` is valid.
</span><span class="kw">pub unsafe trait </span>ExtensionType {
<span class="kw">const </span>NID: Nid;
<span class="kw">type </span>Output: ForeignType;
}
<span class="macro">foreign_type_and_impl_send_sync! </span>{
<span class="kw">type </span>CType = ffi::X509_STORE_CTX;
<span class="kw">fn </span>drop = ffi::X509_STORE_CTX_free;
<span class="doccomment">/// An `X509` certificate store context.
</span><span class="kw">pub struct </span>X509StoreContext;
<span class="doccomment">/// A reference to an [`X509StoreContext`].
</span><span class="kw">pub struct </span>X509StoreContextRef;
}
<span class="kw">impl </span>X509StoreContext {
<span class="doccomment">/// Returns the index which can be used to obtain a reference to the `Ssl` associated with a
/// context.
</span><span class="attribute">#[corresponds(SSL_get_ex_data_X509_STORE_CTX_idx)]
</span><span class="kw">pub fn </span>ssl_idx() -&gt; <span class="prelude-ty">Result</span>&lt;Index&lt;X509StoreContext, SslRef&gt;, ErrorStack&gt; {
<span class="kw">unsafe </span>{ cvt_n(ffi::SSL_get_ex_data_X509_STORE_CTX_idx()).map(|idx| Index::from_raw(idx)) }
}
<span class="doccomment">/// Creates a new `X509StoreContext` instance.
</span><span class="attribute">#[corresponds(X509_STORE_CTX_new)]
</span><span class="kw">pub fn </span>new() -&gt; <span class="prelude-ty">Result</span>&lt;X509StoreContext, ErrorStack&gt; {
<span class="kw">unsafe </span>{
ffi::init();
cvt_p(ffi::X509_STORE_CTX_new()).map(X509StoreContext)
}
}
}
<span class="kw">impl </span>X509StoreContextRef {
<span class="doccomment">/// Returns application data pertaining to an `X509` store context.
</span><span class="attribute">#[corresponds(X509_STORE_CTX_get_ex_data)]
</span><span class="kw">pub fn </span>ex_data&lt;T&gt;(<span class="kw-2">&amp;</span><span class="self">self</span>, index: Index&lt;X509StoreContext, T&gt;) -&gt; <span class="prelude-ty">Option</span>&lt;<span class="kw-2">&amp;</span>T&gt; {
<span class="kw">unsafe </span>{
<span class="kw">let </span>data = ffi::X509_STORE_CTX_get_ex_data(<span class="self">self</span>.as_ptr(), index.as_raw());
<span class="kw">if </span>data.is_null() {
<span class="prelude-val">None
</span>} <span class="kw">else </span>{
<span class="prelude-val">Some</span>(<span class="kw-2">&amp;*</span>(data <span class="kw">as </span><span class="kw-2">*const </span>T))
}
}
}
<span class="doccomment">/// Returns the error code of the context.
</span><span class="attribute">#[corresponds(X509_STORE_CTX_get_error)]
</span><span class="kw">pub fn </span>error(<span class="kw-2">&amp;</span><span class="self">self</span>) -&gt; X509VerifyResult {
<span class="kw">unsafe </span>{ X509VerifyResult::from_raw(ffi::X509_STORE_CTX_get_error(<span class="self">self</span>.as_ptr())) }
}
<span class="doccomment">/// Initializes this context with the given certificate, certificates chain and certificate
/// store. After initializing the context, the `with_context` closure is called with the prepared
/// context. As long as the closure is running, the context stays initialized and can be used
/// to e.g. verify a certificate. The context will be cleaned up, after the closure finished.
///
/// * `trust` - The certificate store with the trusted certificates.
/// * `cert` - The certificate that should be verified.
/// * `cert_chain` - The certificates chain.
/// * `with_context` - The closure that is called with the initialized context.
///
/// This corresponds to [`X509_STORE_CTX_init`] before calling `with_context` and to
/// [`X509_STORE_CTX_cleanup`] after calling `with_context`.
///
/// [`X509_STORE_CTX_init`]: https://www.openssl.org/docs/manmaster/crypto/X509_STORE_CTX_init.html
/// [`X509_STORE_CTX_cleanup`]: https://www.openssl.org/docs/manmaster/crypto/X509_STORE_CTX_cleanup.html
</span><span class="kw">pub fn </span>init&lt;F, T&gt;(
<span class="kw-2">&amp;mut </span><span class="self">self</span>,
trust: <span class="kw-2">&amp;</span>store::X509StoreRef,
cert: <span class="kw-2">&amp;</span>X509Ref,
cert_chain: <span class="kw-2">&amp;</span>StackRef&lt;X509&gt;,
with_context: F,
) -&gt; <span class="prelude-ty">Result</span>&lt;T, ErrorStack&gt;
<span class="kw">where
</span>F: FnOnce(<span class="kw-2">&amp;mut </span>X509StoreContextRef) -&gt; <span class="prelude-ty">Result</span>&lt;T, ErrorStack&gt;,
{
<span class="kw">struct </span>Cleanup&lt;<span class="lifetime">&#39;a</span>&gt;(<span class="kw-2">&amp;</span><span class="lifetime">&#39;a </span><span class="kw-2">mut </span>X509StoreContextRef);
<span class="kw">impl</span>&lt;<span class="lifetime">&#39;a</span>&gt; Drop <span class="kw">for </span>Cleanup&lt;<span class="lifetime">&#39;a</span>&gt; {
<span class="kw">fn </span>drop(<span class="kw-2">&amp;mut </span><span class="self">self</span>) {
<span class="kw">unsafe </span>{
ffi::X509_STORE_CTX_cleanup(<span class="self">self</span>.<span class="number">0</span>.as_ptr());
}
}
}
<span class="kw">unsafe </span>{
cvt(ffi::X509_STORE_CTX_init(
<span class="self">self</span>.as_ptr(),
trust.as_ptr(),
cert.as_ptr(),
cert_chain.as_ptr(),
))<span class="question-mark">?</span>;
<span class="kw">let </span>cleanup = Cleanup(<span class="self">self</span>);
with_context(cleanup.<span class="number">0</span>)
}
}
<span class="doccomment">/// Verifies the stored certificate.
///
/// Returns `true` if verification succeeds. The `error` method will return the specific
/// validation error if the certificate was not valid.
///
/// This will only work inside of a call to `init`.
</span><span class="attribute">#[corresponds(X509_verify_cert)]
</span><span class="kw">pub fn </span>verify_cert(<span class="kw-2">&amp;mut </span><span class="self">self</span>) -&gt; <span class="prelude-ty">Result</span>&lt;bool, ErrorStack&gt; {
<span class="kw">unsafe </span>{ cvt_n(ffi::X509_verify_cert(<span class="self">self</span>.as_ptr())).map(|n| n != <span class="number">0</span>) }
}
<span class="doccomment">/// Set the error code of the context.
</span><span class="attribute">#[corresponds(X509_STORE_CTX_set_error)]
</span><span class="kw">pub fn </span>set_error(<span class="kw-2">&amp;mut </span><span class="self">self</span>, result: X509VerifyResult) {
<span class="kw">unsafe </span>{
ffi::X509_STORE_CTX_set_error(<span class="self">self</span>.as_ptr(), result.as_raw());
}
}
<span class="doccomment">/// Returns a reference to the certificate which caused the error or None if
/// no certificate is relevant to the error.
</span><span class="attribute">#[corresponds(X509_STORE_CTX_get_current_cert)]
</span><span class="kw">pub fn </span>current_cert(<span class="kw-2">&amp;</span><span class="self">self</span>) -&gt; <span class="prelude-ty">Option</span>&lt;<span class="kw-2">&amp;</span>X509Ref&gt; {
<span class="kw">unsafe </span>{
<span class="kw">let </span>ptr = ffi::X509_STORE_CTX_get_current_cert(<span class="self">self</span>.as_ptr());
X509Ref::from_const_ptr_opt(ptr)
}
}
<span class="doccomment">/// Returns a non-negative integer representing the depth in the certificate
/// chain where the error occurred. If it is zero it occurred in the end
/// entity certificate, one if it is the certificate which signed the end
/// entity certificate and so on.
</span><span class="attribute">#[corresponds(X509_STORE_CTX_get_error_depth)]
</span><span class="kw">pub fn </span>error_depth(<span class="kw-2">&amp;</span><span class="self">self</span>) -&gt; u32 {
<span class="kw">unsafe </span>{ ffi::X509_STORE_CTX_get_error_depth(<span class="self">self</span>.as_ptr()) <span class="kw">as </span>u32 }
}
<span class="doccomment">/// Returns a reference to a complete valid `X509` certificate chain.
</span><span class="attribute">#[corresponds(X509_STORE_CTX_get0_chain)]
</span><span class="kw">pub fn </span>chain(<span class="kw-2">&amp;</span><span class="self">self</span>) -&gt; <span class="prelude-ty">Option</span>&lt;<span class="kw-2">&amp;</span>StackRef&lt;X509&gt;&gt; {
<span class="kw">unsafe </span>{
<span class="kw">let </span>chain = X509_STORE_CTX_get0_chain(<span class="self">self</span>.as_ptr());
<span class="kw">if </span>chain.is_null() {
<span class="prelude-val">None
</span>} <span class="kw">else </span>{
<span class="prelude-val">Some</span>(StackRef::from_ptr(chain))
}
}
}
}
<span class="doccomment">/// A builder used to construct an `X509`.
</span><span class="kw">pub struct </span>X509Builder(X509);
<span class="kw">impl </span>X509Builder {
<span class="doccomment">/// Creates a new builder.
</span><span class="attribute">#[corresponds(X509_new)]
</span><span class="kw">pub fn </span>new() -&gt; <span class="prelude-ty">Result</span>&lt;X509Builder, ErrorStack&gt; {
<span class="kw">unsafe </span>{
ffi::init();
cvt_p(ffi::X509_new()).map(|p| X509Builder(X509(p)))
}
}
<span class="doccomment">/// Sets the notAfter constraint on the certificate.
</span><span class="attribute">#[corresponds(X509_set1_notAfter)]
</span><span class="kw">pub fn </span>set_not_after(<span class="kw-2">&amp;mut </span><span class="self">self</span>, not_after: <span class="kw-2">&amp;</span>Asn1TimeRef) -&gt; <span class="prelude-ty">Result</span>&lt;(), ErrorStack&gt; {
<span class="kw">unsafe </span>{ cvt(X509_set1_notAfter(<span class="self">self</span>.<span class="number">0</span>.as_ptr(), not_after.as_ptr())).map(|<span class="kw">_</span>| ()) }
}
<span class="doccomment">/// Sets the notBefore constraint on the certificate.
</span><span class="attribute">#[corresponds(X509_set1_notBefore)]
</span><span class="kw">pub fn </span>set_not_before(<span class="kw-2">&amp;mut </span><span class="self">self</span>, not_before: <span class="kw-2">&amp;</span>Asn1TimeRef) -&gt; <span class="prelude-ty">Result</span>&lt;(), ErrorStack&gt; {
<span class="kw">unsafe </span>{ cvt(X509_set1_notBefore(<span class="self">self</span>.<span class="number">0</span>.as_ptr(), not_before.as_ptr())).map(|<span class="kw">_</span>| ()) }
}
<span class="doccomment">/// Sets the version of the certificate.
///
/// Note that the version is zero-indexed; that is, a certificate corresponding to version 3 of
/// the X.509 standard should pass `2` to this method.
</span><span class="attribute">#[corresponds(X509_set_version)]
#[allow(clippy::useless_conversion)]
</span><span class="kw">pub fn </span>set_version(<span class="kw-2">&amp;mut </span><span class="self">self</span>, version: i32) -&gt; <span class="prelude-ty">Result</span>&lt;(), ErrorStack&gt; {
<span class="kw">unsafe </span>{ cvt(ffi::X509_set_version(<span class="self">self</span>.<span class="number">0</span>.as_ptr(), version <span class="kw">as </span>c_long)).map(|<span class="kw">_</span>| ()) }
}
<span class="doccomment">/// Sets the serial number of the certificate.
</span><span class="attribute">#[corresponds(X509_set_serialNumber)]
</span><span class="kw">pub fn </span>set_serial_number(<span class="kw-2">&amp;mut </span><span class="self">self</span>, serial_number: <span class="kw-2">&amp;</span>Asn1IntegerRef) -&gt; <span class="prelude-ty">Result</span>&lt;(), ErrorStack&gt; {
<span class="kw">unsafe </span>{
cvt(ffi::X509_set_serialNumber(
<span class="self">self</span>.<span class="number">0</span>.as_ptr(),
serial_number.as_ptr(),
))
.map(|<span class="kw">_</span>| ())
}
}
<span class="doccomment">/// Sets the issuer name of the certificate.
</span><span class="attribute">#[corresponds(X509_set_issuer_name)]
</span><span class="kw">pub fn </span>set_issuer_name(<span class="kw-2">&amp;mut </span><span class="self">self</span>, issuer_name: <span class="kw-2">&amp;</span>X509NameRef) -&gt; <span class="prelude-ty">Result</span>&lt;(), ErrorStack&gt; {
<span class="kw">unsafe </span>{
cvt(ffi::X509_set_issuer_name(
<span class="self">self</span>.<span class="number">0</span>.as_ptr(),
issuer_name.as_ptr(),
))
.map(|<span class="kw">_</span>| ())
}
}
<span class="doccomment">/// Sets the subject name of the certificate.
///
/// When building certificates, the `C`, `ST`, and `O` options are common when using the openssl command line tools.
/// The `CN` field is used for the common name, such as a DNS name.
///
/// ```
/// use openssl::x509::{X509, X509NameBuilder};
///
/// let mut x509_name = openssl::x509::X509NameBuilder::new().unwrap();
/// x509_name.append_entry_by_text(&quot;C&quot;, &quot;US&quot;).unwrap();
/// x509_name.append_entry_by_text(&quot;ST&quot;, &quot;CA&quot;).unwrap();
/// x509_name.append_entry_by_text(&quot;O&quot;, &quot;Some organization&quot;).unwrap();
/// x509_name.append_entry_by_text(&quot;CN&quot;, &quot;www.example.com&quot;).unwrap();
/// let x509_name = x509_name.build();
///
/// let mut x509 = openssl::x509::X509::builder().unwrap();
/// x509.set_subject_name(&amp;x509_name).unwrap();
/// ```
</span><span class="attribute">#[corresponds(X509_set_subject_name)]
</span><span class="kw">pub fn </span>set_subject_name(<span class="kw-2">&amp;mut </span><span class="self">self</span>, subject_name: <span class="kw-2">&amp;</span>X509NameRef) -&gt; <span class="prelude-ty">Result</span>&lt;(), ErrorStack&gt; {
<span class="kw">unsafe </span>{
cvt(ffi::X509_set_subject_name(
<span class="self">self</span>.<span class="number">0</span>.as_ptr(),
subject_name.as_ptr(),
))
.map(|<span class="kw">_</span>| ())
}
}
<span class="doccomment">/// Sets the public key associated with the certificate.
</span><span class="attribute">#[corresponds(X509_set_pubkey)]
</span><span class="kw">pub fn </span>set_pubkey&lt;T&gt;(<span class="kw-2">&amp;mut </span><span class="self">self</span>, key: <span class="kw-2">&amp;</span>PKeyRef&lt;T&gt;) -&gt; <span class="prelude-ty">Result</span>&lt;(), ErrorStack&gt;
<span class="kw">where
</span>T: HasPublic,
{
<span class="kw">unsafe </span>{ cvt(ffi::X509_set_pubkey(<span class="self">self</span>.<span class="number">0</span>.as_ptr(), key.as_ptr())).map(|<span class="kw">_</span>| ()) }
}
<span class="doccomment">/// Returns a context object which is needed to create certain X509 extension values.
///
/// Set `issuer` to `None` if the certificate will be self-signed.
</span><span class="attribute">#[corresponds(X509V3_set_ctx)]
</span><span class="kw">pub fn </span>x509v3_context&lt;<span class="lifetime">&#39;a</span>&gt;(
<span class="kw-2">&amp;</span><span class="lifetime">&#39;a </span><span class="self">self</span>,
issuer: <span class="prelude-ty">Option</span>&lt;<span class="kw-2">&amp;</span><span class="lifetime">&#39;a </span>X509Ref&gt;,
conf: <span class="prelude-ty">Option</span>&lt;<span class="kw-2">&amp;</span><span class="lifetime">&#39;a </span>ConfRef&gt;,
) -&gt; X509v3Context&lt;<span class="lifetime">&#39;a</span>&gt; {
<span class="kw">unsafe </span>{
<span class="kw">let </span><span class="kw-2">mut </span>ctx = mem::zeroed();
<span class="kw">let </span>issuer = <span class="kw">match </span>issuer {
<span class="prelude-val">Some</span>(issuer) =&gt; issuer.as_ptr(),
<span class="prelude-val">None </span>=&gt; <span class="self">self</span>.<span class="number">0</span>.as_ptr(),
};
<span class="kw">let </span>subject = <span class="self">self</span>.<span class="number">0</span>.as_ptr();
ffi::X509V3_set_ctx(
<span class="kw-2">&amp;mut </span>ctx,
issuer,
subject,
ptr::null_mut(),
ptr::null_mut(),
<span class="number">0</span>,
);
<span class="comment">// nodb case taken care of since we zeroed ctx above
</span><span class="kw">if let </span><span class="prelude-val">Some</span>(conf) = conf {
ffi::X509V3_set_nconf(<span class="kw-2">&amp;mut </span>ctx, conf.as_ptr());
}
X509v3Context(ctx, PhantomData)
}
}
<span class="doccomment">/// Adds an X509 extension value to the certificate.
///
/// This works just as `append_extension` except it takes ownership of the `X509Extension`.
</span><span class="kw">pub fn </span>append_extension(<span class="kw-2">&amp;mut </span><span class="self">self</span>, extension: X509Extension) -&gt; <span class="prelude-ty">Result</span>&lt;(), ErrorStack&gt; {
<span class="self">self</span>.append_extension2(<span class="kw-2">&amp;</span>extension)
}
<span class="doccomment">/// Adds an X509 extension value to the certificate.
</span><span class="attribute">#[corresponds(X509_add_ext)]
</span><span class="kw">pub fn </span>append_extension2(<span class="kw-2">&amp;mut </span><span class="self">self</span>, extension: <span class="kw-2">&amp;</span>X509ExtensionRef) -&gt; <span class="prelude-ty">Result</span>&lt;(), ErrorStack&gt; {
<span class="kw">unsafe </span>{
cvt(ffi::X509_add_ext(<span class="self">self</span>.<span class="number">0</span>.as_ptr(), extension.as_ptr(), -<span class="number">1</span>))<span class="question-mark">?</span>;
<span class="prelude-val">Ok</span>(())
}
}
<span class="doccomment">/// Signs the certificate with a private key.
</span><span class="attribute">#[corresponds(X509_sign)]
</span><span class="kw">pub fn </span>sign&lt;T&gt;(<span class="kw-2">&amp;mut </span><span class="self">self</span>, key: <span class="kw-2">&amp;</span>PKeyRef&lt;T&gt;, hash: MessageDigest) -&gt; <span class="prelude-ty">Result</span>&lt;(), ErrorStack&gt;
<span class="kw">where
</span>T: HasPrivate,
{
<span class="kw">unsafe </span>{ cvt(ffi::X509_sign(<span class="self">self</span>.<span class="number">0</span>.as_ptr(), key.as_ptr(), hash.as_ptr())).map(|<span class="kw">_</span>| ()) }
}
<span class="doccomment">/// Consumes the builder, returning the certificate.
</span><span class="kw">pub fn </span>build(<span class="self">self</span>) -&gt; X509 {
<span class="self">self</span>.<span class="number">0
</span>}
}
<span class="macro">foreign_type_and_impl_send_sync! </span>{
<span class="kw">type </span>CType = ffi::X509;
<span class="kw">fn </span>drop = ffi::X509_free;
<span class="doccomment">/// An `X509` public key certificate.
</span><span class="kw">pub struct </span>X509;
<span class="doccomment">/// Reference to `X509`.
</span><span class="kw">pub struct </span>X509Ref;
}
<span class="attribute">#[cfg(boringssl)]
</span><span class="kw">type </span>X509LenTy = c_uint;
<span class="attribute">#[cfg(not(boringssl))]
</span><span class="kw">type </span>X509LenTy = c_int;
<span class="kw">impl </span>X509Ref {
<span class="doccomment">/// Returns this certificate&#39;s subject name.
</span><span class="attribute">#[corresponds(X509_get_subject_name)]
</span><span class="kw">pub fn </span>subject_name(<span class="kw-2">&amp;</span><span class="self">self</span>) -&gt; <span class="kw-2">&amp;</span>X509NameRef {
<span class="kw">unsafe </span>{
<span class="kw">let </span>name = ffi::X509_get_subject_name(<span class="self">self</span>.as_ptr());
X509NameRef::from_const_ptr_opt(name).expect(<span class="string">&quot;subject name must not be null&quot;</span>)
}
}
<span class="doccomment">/// Returns the hash of the certificates subject
</span><span class="attribute">#[corresponds(X509_subject_name_hash)]
</span><span class="kw">pub fn </span>subject_name_hash(<span class="kw-2">&amp;</span><span class="self">self</span>) -&gt; u32 {
<span class="attribute">#[allow(clippy::unnecessary_cast)]
</span><span class="kw">unsafe </span>{
ffi::X509_subject_name_hash(<span class="self">self</span>.as_ptr()) <span class="kw">as </span>u32
}
}
<span class="doccomment">/// Returns this certificate&#39;s issuer name.
</span><span class="attribute">#[corresponds(X509_get_issuer_name)]
</span><span class="kw">pub fn </span>issuer_name(<span class="kw-2">&amp;</span><span class="self">self</span>) -&gt; <span class="kw-2">&amp;</span>X509NameRef {
<span class="kw">unsafe </span>{
<span class="kw">let </span>name = ffi::X509_get_issuer_name(<span class="self">self</span>.as_ptr());
X509NameRef::from_const_ptr_opt(name).expect(<span class="string">&quot;issuer name must not be null&quot;</span>)
}
}
<span class="doccomment">/// Returns the hash of the certificates issuer
</span><span class="attribute">#[corresponds(X509_issuer_name_hash)]
</span><span class="kw">pub fn </span>issuer_name_hash(<span class="kw-2">&amp;</span><span class="self">self</span>) -&gt; u32 {
<span class="attribute">#[allow(clippy::unnecessary_cast)]
</span><span class="kw">unsafe </span>{
ffi::X509_issuer_name_hash(<span class="self">self</span>.as_ptr()) <span class="kw">as </span>u32
}
}
<span class="doccomment">/// Returns this certificate&#39;s subject alternative name entries, if they exist.
</span><span class="attribute">#[corresponds(X509_get_ext_d2i)]
</span><span class="kw">pub fn </span>subject_alt_names(<span class="kw-2">&amp;</span><span class="self">self</span>) -&gt; <span class="prelude-ty">Option</span>&lt;Stack&lt;GeneralName&gt;&gt; {
<span class="kw">unsafe </span>{
<span class="kw">let </span>stack = ffi::X509_get_ext_d2i(
<span class="self">self</span>.as_ptr(),
ffi::NID_subject_alt_name,
ptr::null_mut(),
ptr::null_mut(),
);
Stack::from_ptr_opt(stack <span class="kw">as </span><span class="kw-2">*mut </span><span class="kw">_</span>)
}
}
<span class="doccomment">/// Returns this certificate&#39;s CRL distribution points, if they exist.
</span><span class="attribute">#[corresponds(X509_get_ext_d2i)]
</span><span class="kw">pub fn </span>crl_distribution_points(<span class="kw-2">&amp;</span><span class="self">self</span>) -&gt; <span class="prelude-ty">Option</span>&lt;Stack&lt;DistPoint&gt;&gt; {
<span class="kw">unsafe </span>{
<span class="kw">let </span>stack = ffi::X509_get_ext_d2i(
<span class="self">self</span>.as_ptr(),
ffi::NID_crl_distribution_points,
ptr::null_mut(),
ptr::null_mut(),
);
Stack::from_ptr_opt(stack <span class="kw">as </span><span class="kw-2">*mut </span><span class="kw">_</span>)
}
}
<span class="doccomment">/// Returns this certificate&#39;s issuer alternative name entries, if they exist.
</span><span class="attribute">#[corresponds(X509_get_ext_d2i)]
</span><span class="kw">pub fn </span>issuer_alt_names(<span class="kw-2">&amp;</span><span class="self">self</span>) -&gt; <span class="prelude-ty">Option</span>&lt;Stack&lt;GeneralName&gt;&gt; {
<span class="kw">unsafe </span>{
<span class="kw">let </span>stack = ffi::X509_get_ext_d2i(
<span class="self">self</span>.as_ptr(),
ffi::NID_issuer_alt_name,
ptr::null_mut(),
ptr::null_mut(),
);
Stack::from_ptr_opt(stack <span class="kw">as </span><span class="kw-2">*mut </span><span class="kw">_</span>)
}
}
<span class="doccomment">/// Returns this certificate&#39;s [`authority information access`] entries, if they exist.
///
/// [`authority information access`]: https://tools.ietf.org/html/rfc5280#section-4.2.2.1
</span><span class="attribute">#[corresponds(X509_get_ext_d2i)]
</span><span class="kw">pub fn </span>authority_info(<span class="kw-2">&amp;</span><span class="self">self</span>) -&gt; <span class="prelude-ty">Option</span>&lt;Stack&lt;AccessDescription&gt;&gt; {
<span class="kw">unsafe </span>{
<span class="kw">let </span>stack = ffi::X509_get_ext_d2i(
<span class="self">self</span>.as_ptr(),
ffi::NID_info_access,
ptr::null_mut(),
ptr::null_mut(),
);
Stack::from_ptr_opt(stack <span class="kw">as </span><span class="kw-2">*mut </span><span class="kw">_</span>)
}
}
<span class="doccomment">/// Retrieves the path length extension from a certificate, if it exists.
</span><span class="attribute">#[corresponds(X509_get_pathlen)]
#[cfg(ossl110)]
</span><span class="kw">pub fn </span>pathlen(<span class="kw-2">&amp;</span><span class="self">self</span>) -&gt; <span class="prelude-ty">Option</span>&lt;u32&gt; {
<span class="kw">let </span>v = <span class="kw">unsafe </span>{ ffi::X509_get_pathlen(<span class="self">self</span>.as_ptr()) };
u32::try_from(v).ok()
}
<span class="doccomment">/// Returns this certificate&#39;s subject key id, if it exists.
</span><span class="attribute">#[corresponds(X509_get0_subject_key_id)]
#[cfg(ossl110)]
</span><span class="kw">pub fn </span>subject_key_id(<span class="kw-2">&amp;</span><span class="self">self</span>) -&gt; <span class="prelude-ty">Option</span>&lt;<span class="kw-2">&amp;</span>Asn1OctetStringRef&gt; {
<span class="kw">unsafe </span>{
<span class="kw">let </span>data = ffi::X509_get0_subject_key_id(<span class="self">self</span>.as_ptr());
Asn1OctetStringRef::from_const_ptr_opt(data)
}
}
<span class="doccomment">/// Returns this certificate&#39;s authority key id, if it exists.
</span><span class="attribute">#[corresponds(X509_get0_authority_key_id)]
#[cfg(ossl110)]
</span><span class="kw">pub fn </span>authority_key_id(<span class="kw-2">&amp;</span><span class="self">self</span>) -&gt; <span class="prelude-ty">Option</span>&lt;<span class="kw-2">&amp;</span>Asn1OctetStringRef&gt; {
<span class="kw">unsafe </span>{
<span class="kw">let </span>data = ffi::X509_get0_authority_key_id(<span class="self">self</span>.as_ptr());
Asn1OctetStringRef::from_const_ptr_opt(data)
}
}
<span class="doccomment">/// Returns this certificate&#39;s authority issuer name entries, if they exist.
</span><span class="attribute">#[corresponds(X509_get0_authority_issuer)]
#[cfg(ossl111d)]
</span><span class="kw">pub fn </span>authority_issuer(<span class="kw-2">&amp;</span><span class="self">self</span>) -&gt; <span class="prelude-ty">Option</span>&lt;<span class="kw-2">&amp;</span>StackRef&lt;GeneralName&gt;&gt; {
<span class="kw">unsafe </span>{
<span class="kw">let </span>stack = ffi::X509_get0_authority_issuer(<span class="self">self</span>.as_ptr());
StackRef::from_const_ptr_opt(stack)
}
}
<span class="doccomment">/// Returns this certificate&#39;s authority serial number, if it exists.
</span><span class="attribute">#[corresponds(X509_get0_authority_serial)]
#[cfg(ossl111d)]
</span><span class="kw">pub fn </span>authority_serial(<span class="kw-2">&amp;</span><span class="self">self</span>) -&gt; <span class="prelude-ty">Option</span>&lt;<span class="kw-2">&amp;</span>Asn1IntegerRef&gt; {
<span class="kw">unsafe </span>{
<span class="kw">let </span>r = ffi::X509_get0_authority_serial(<span class="self">self</span>.as_ptr());
Asn1IntegerRef::from_const_ptr_opt(r)
}
}
<span class="attribute">#[corresponds(X509_get_pubkey)]
</span><span class="kw">pub fn </span>public_key(<span class="kw-2">&amp;</span><span class="self">self</span>) -&gt; <span class="prelude-ty">Result</span>&lt;PKey&lt;Public&gt;, ErrorStack&gt; {
<span class="kw">unsafe </span>{
<span class="kw">let </span>pkey = cvt_p(ffi::X509_get_pubkey(<span class="self">self</span>.as_ptr()))<span class="question-mark">?</span>;
<span class="prelude-val">Ok</span>(PKey::from_ptr(pkey))
}
}
<span class="doccomment">/// Returns a digest of the DER representation of the certificate.
</span><span class="attribute">#[corresponds(X509_digest)]
</span><span class="kw">pub fn </span>digest(<span class="kw-2">&amp;</span><span class="self">self</span>, hash_type: MessageDigest) -&gt; <span class="prelude-ty">Result</span>&lt;DigestBytes, ErrorStack&gt; {
<span class="kw">unsafe </span>{
<span class="kw">let </span><span class="kw-2">mut </span>digest = DigestBytes {
buf: [<span class="number">0</span>; ffi::EVP_MAX_MD_SIZE <span class="kw">as </span>usize],
len: ffi::EVP_MAX_MD_SIZE <span class="kw">as </span>usize,
};
<span class="kw">let </span><span class="kw-2">mut </span>len = ffi::EVP_MAX_MD_SIZE <span class="kw">as </span>c_uint;
cvt(ffi::X509_digest(
<span class="self">self</span>.as_ptr(),
hash_type.as_ptr(),
digest.buf.as_mut_ptr() <span class="kw">as </span><span class="kw-2">*mut </span><span class="kw">_</span>,
<span class="kw-2">&amp;mut </span>len,
))<span class="question-mark">?</span>;
digest.len = len <span class="kw">as </span>usize;
<span class="prelude-val">Ok</span>(digest)
}
}
<span class="attribute">#[deprecated(since = <span class="string">&quot;0.10.9&quot;</span>, note = <span class="string">&quot;renamed to digest&quot;</span>)]
</span><span class="kw">pub fn </span>fingerprint(<span class="kw-2">&amp;</span><span class="self">self</span>, hash_type: MessageDigest) -&gt; <span class="prelude-ty">Result</span>&lt;Vec&lt;u8&gt;, ErrorStack&gt; {
<span class="self">self</span>.digest(hash_type).map(|b| b.to_vec())
}
<span class="doccomment">/// Returns the certificate&#39;s Not After validity period.
</span><span class="attribute">#[corresponds(X509_getm_notAfter)]
</span><span class="kw">pub fn </span>not_after(<span class="kw-2">&amp;</span><span class="self">self</span>) -&gt; <span class="kw-2">&amp;</span>Asn1TimeRef {
<span class="kw">unsafe </span>{
<span class="kw">let </span>date = X509_getm_notAfter(<span class="self">self</span>.as_ptr());
Asn1TimeRef::from_const_ptr_opt(date).expect(<span class="string">&quot;not_after must not be null&quot;</span>)
}
}
<span class="doccomment">/// Returns the certificate&#39;s Not Before validity period.
</span><span class="attribute">#[corresponds(X509_getm_notBefore)]
</span><span class="kw">pub fn </span>not_before(<span class="kw-2">&amp;</span><span class="self">self</span>) -&gt; <span class="kw-2">&amp;</span>Asn1TimeRef {
<span class="kw">unsafe </span>{
<span class="kw">let </span>date = X509_getm_notBefore(<span class="self">self</span>.as_ptr());
Asn1TimeRef::from_const_ptr_opt(date).expect(<span class="string">&quot;not_before must not be null&quot;</span>)
}
}
<span class="doccomment">/// Returns the certificate&#39;s signature
</span><span class="attribute">#[corresponds(X509_get0_signature)]
</span><span class="kw">pub fn </span>signature(<span class="kw-2">&amp;</span><span class="self">self</span>) -&gt; <span class="kw-2">&amp;</span>Asn1BitStringRef {
<span class="kw">unsafe </span>{
<span class="kw">let </span><span class="kw-2">mut </span>signature = ptr::null();
X509_get0_signature(<span class="kw-2">&amp;mut </span>signature, ptr::null_mut(), <span class="self">self</span>.as_ptr());
Asn1BitStringRef::from_const_ptr_opt(signature).expect(<span class="string">&quot;signature must not be null&quot;</span>)
}
}
<span class="doccomment">/// Returns the certificate&#39;s signature algorithm.
</span><span class="attribute">#[corresponds(X509_get0_signature)]
</span><span class="kw">pub fn </span>signature_algorithm(<span class="kw-2">&amp;</span><span class="self">self</span>) -&gt; <span class="kw-2">&amp;</span>X509AlgorithmRef {
<span class="kw">unsafe </span>{
<span class="kw">let </span><span class="kw-2">mut </span>algor = ptr::null();
X509_get0_signature(ptr::null_mut(), <span class="kw-2">&amp;mut </span>algor, <span class="self">self</span>.as_ptr());
X509AlgorithmRef::from_const_ptr_opt(algor)
.expect(<span class="string">&quot;signature algorithm must not be null&quot;</span>)
}
}
<span class="doccomment">/// Returns the list of OCSP responder URLs specified in the certificate&#39;s Authority Information
/// Access field.
</span><span class="attribute">#[corresponds(X509_get1_ocsp)]
</span><span class="kw">pub fn </span>ocsp_responders(<span class="kw-2">&amp;</span><span class="self">self</span>) -&gt; <span class="prelude-ty">Result</span>&lt;Stack&lt;OpensslString&gt;, ErrorStack&gt; {
<span class="kw">unsafe </span>{ cvt_p(ffi::X509_get1_ocsp(<span class="self">self</span>.as_ptr())).map(|p| Stack::from_ptr(p)) }
}
<span class="doccomment">/// Checks that this certificate issued `subject`.
</span><span class="attribute">#[corresponds(X509_check_issued)]
</span><span class="kw">pub fn </span>issued(<span class="kw-2">&amp;</span><span class="self">self</span>, subject: <span class="kw-2">&amp;</span>X509Ref) -&gt; X509VerifyResult {
<span class="kw">unsafe </span>{
<span class="kw">let </span>r = ffi::X509_check_issued(<span class="self">self</span>.as_ptr(), subject.as_ptr());
X509VerifyResult::from_raw(r)
}
}
<span class="doccomment">/// Returns certificate version. If this certificate has no explicit version set, it defaults to
/// version 1.
///
/// Note that `0` return value stands for version 1, `1` for version 2 and so on.
</span><span class="attribute">#[corresponds(X509_get_version)]
#[cfg(ossl110)]
#[allow(clippy::unnecessary_cast)]
</span><span class="kw">pub fn </span>version(<span class="kw-2">&amp;</span><span class="self">self</span>) -&gt; i32 {
<span class="kw">unsafe </span>{ ffi::X509_get_version(<span class="self">self</span>.as_ptr()) <span class="kw">as </span>i32 }
}
<span class="doccomment">/// Check if the certificate is signed using the given public key.
///
/// Only the signature is checked: no other checks (such as certificate chain validity)
/// are performed.
///
/// Returns `true` if verification succeeds.
</span><span class="attribute">#[corresponds(X509_verify)]
</span><span class="kw">pub fn </span>verify&lt;T&gt;(<span class="kw-2">&amp;</span><span class="self">self</span>, key: <span class="kw-2">&amp;</span>PKeyRef&lt;T&gt;) -&gt; <span class="prelude-ty">Result</span>&lt;bool, ErrorStack&gt;
<span class="kw">where
</span>T: HasPublic,
{
<span class="kw">unsafe </span>{ cvt_n(ffi::X509_verify(<span class="self">self</span>.as_ptr(), key.as_ptr())).map(|n| n != <span class="number">0</span>) }
}
<span class="doccomment">/// Returns this certificate&#39;s serial number.
</span><span class="attribute">#[corresponds(X509_get_serialNumber)]
</span><span class="kw">pub fn </span>serial_number(<span class="kw-2">&amp;</span><span class="self">self</span>) -&gt; <span class="kw-2">&amp;</span>Asn1IntegerRef {
<span class="kw">unsafe </span>{
<span class="kw">let </span>r = ffi::X509_get_serialNumber(<span class="self">self</span>.as_ptr());
Asn1IntegerRef::from_const_ptr_opt(r).expect(<span class="string">&quot;serial number must not be null&quot;</span>)
}
}
<span class="macro">to_pem! </span>{
<span class="doccomment">/// Serializes the certificate into a PEM-encoded X509 structure.
///
/// The output will have a header of `-----BEGIN CERTIFICATE-----`.
</span><span class="attribute">#[corresponds(PEM_write_bio_X509)]
</span>to_pem,
ffi::PEM_write_bio_X509
}
<span class="macro">to_der! </span>{
<span class="doccomment">/// Serializes the certificate into a DER-encoded X509 structure.
</span><span class="attribute">#[corresponds(i2d_X509)]
</span>to_der,
ffi::i2d_X509
}
<span class="macro">to_pem! </span>{
<span class="doccomment">/// Converts the certificate to human readable text.
</span><span class="attribute">#[corresponds(X509_print)]
</span>to_text,
ffi::X509_print
}
}
<span class="kw">impl </span>ToOwned <span class="kw">for </span>X509Ref {
<span class="kw">type </span>Owned = X509;
<span class="kw">fn </span>to_owned(<span class="kw-2">&amp;</span><span class="self">self</span>) -&gt; X509 {
<span class="kw">unsafe </span>{
X509_up_ref(<span class="self">self</span>.as_ptr());
X509::from_ptr(<span class="self">self</span>.as_ptr())
}
}
}
<span class="kw">impl </span>Ord <span class="kw">for </span>X509Ref {
<span class="kw">fn </span>cmp(<span class="kw-2">&amp;</span><span class="self">self</span>, other: <span class="kw-2">&amp;</span><span class="self">Self</span>) -&gt; cmp::Ordering {
<span class="comment">// X509_cmp returns a number &lt;0 for less than, 0 for equal and &gt;0 for greater than.
// It can&#39;t fail if both pointers are valid, which we know is true.
</span><span class="kw">let </span>cmp = <span class="kw">unsafe </span>{ ffi::X509_cmp(<span class="self">self</span>.as_ptr(), other.as_ptr()) };
cmp.cmp(<span class="kw-2">&amp;</span><span class="number">0</span>)
}
}
<span class="kw">impl </span>PartialOrd <span class="kw">for </span>X509Ref {
<span class="kw">fn </span>partial_cmp(<span class="kw-2">&amp;</span><span class="self">self</span>, other: <span class="kw-2">&amp;</span><span class="self">Self</span>) -&gt; <span class="prelude-ty">Option</span>&lt;cmp::Ordering&gt; {
<span class="prelude-val">Some</span>(<span class="self">self</span>.cmp(other))
}
}
<span class="kw">impl </span>PartialOrd&lt;X509&gt; <span class="kw">for </span>X509Ref {
<span class="kw">fn </span>partial_cmp(<span class="kw-2">&amp;</span><span class="self">self</span>, other: <span class="kw-2">&amp;</span>X509) -&gt; <span class="prelude-ty">Option</span>&lt;cmp::Ordering&gt; {
&lt;X509Ref <span class="kw">as </span>PartialOrd&lt;X509Ref&gt;&gt;::partial_cmp(<span class="self">self</span>, other)
}
}
<span class="kw">impl </span>PartialEq <span class="kw">for </span>X509Ref {
<span class="kw">fn </span>eq(<span class="kw-2">&amp;</span><span class="self">self</span>, other: <span class="kw-2">&amp;</span><span class="self">Self</span>) -&gt; bool {
<span class="self">self</span>.cmp(other) == cmp::Ordering::Equal
}
}
<span class="kw">impl </span>PartialEq&lt;X509&gt; <span class="kw">for </span>X509Ref {
<span class="kw">fn </span>eq(<span class="kw-2">&amp;</span><span class="self">self</span>, other: <span class="kw-2">&amp;</span>X509) -&gt; bool {
&lt;X509Ref <span class="kw">as </span>PartialEq&lt;X509Ref&gt;&gt;::eq(<span class="self">self</span>, other)
}
}
<span class="kw">impl </span>Eq <span class="kw">for </span>X509Ref {}
<span class="kw">impl </span>X509 {
<span class="doccomment">/// Returns a new builder.
</span><span class="kw">pub fn </span>builder() -&gt; <span class="prelude-ty">Result</span>&lt;X509Builder, ErrorStack&gt; {
X509Builder::new()
}
<span class="macro">from_pem! </span>{
<span class="doccomment">/// Deserializes a PEM-encoded X509 structure.
///
/// The input should have a header of `-----BEGIN CERTIFICATE-----`.
</span><span class="attribute">#[corresponds(PEM_read_bio_X509)]
</span>from_pem,
X509,
ffi::PEM_read_bio_X509
}
<span class="macro">from_der! </span>{
<span class="doccomment">/// Deserializes a DER-encoded X509 structure.
</span><span class="attribute">#[corresponds(d2i_X509)]
</span>from_der,
X509,
ffi::d2i_X509
}
<span class="doccomment">/// Deserializes a list of PEM-formatted certificates.
</span><span class="attribute">#[corresponds(PEM_read_bio_X509)]
</span><span class="kw">pub fn </span>stack_from_pem(pem: <span class="kw-2">&amp;</span>[u8]) -&gt; <span class="prelude-ty">Result</span>&lt;Vec&lt;X509&gt;, ErrorStack&gt; {
<span class="kw">unsafe </span>{
ffi::init();
<span class="kw">let </span>bio = MemBioSlice::new(pem)<span class="question-mark">?</span>;
<span class="kw">let </span><span class="kw-2">mut </span>certs = <span class="macro">vec!</span>[];
<span class="kw">loop </span>{
<span class="kw">let </span>r =
ffi::PEM_read_bio_X509(bio.as_ptr(), ptr::null_mut(), <span class="prelude-val">None</span>, ptr::null_mut());
<span class="kw">if </span>r.is_null() {
<span class="kw">let </span>err = ffi::ERR_peek_last_error();
<span class="kw">if </span>ffi::ERR_GET_LIB(err) <span class="kw">as </span>X509LenTy == ffi::ERR_LIB_PEM
&amp;&amp; ffi::ERR_GET_REASON(err) == ffi::PEM_R_NO_START_LINE
{
ffi::ERR_clear_error();
<span class="kw">break</span>;
}
<span class="kw">return </span><span class="prelude-val">Err</span>(ErrorStack::get());
} <span class="kw">else </span>{
certs.push(X509(r));
}
}
<span class="prelude-val">Ok</span>(certs)
}
}
}
<span class="kw">impl </span>Clone <span class="kw">for </span>X509 {
<span class="kw">fn </span>clone(<span class="kw-2">&amp;</span><span class="self">self</span>) -&gt; X509 {
X509Ref::to_owned(<span class="self">self</span>)
}
}
<span class="kw">impl </span>fmt::Debug <span class="kw">for </span>X509 {
<span class="kw">fn </span>fmt(<span class="kw-2">&amp;</span><span class="self">self</span>, formatter: <span class="kw-2">&amp;mut </span>fmt::Formatter&lt;<span class="lifetime">&#39;_</span>&gt;) -&gt; fmt::Result {
<span class="kw">let </span>serial = <span class="kw">match </span><span class="kw-2">&amp;</span><span class="self">self</span>.serial_number().to_bn() {
<span class="prelude-val">Ok</span>(bn) =&gt; <span class="kw">match </span>bn.to_hex_str() {
<span class="prelude-val">Ok</span>(hex) =&gt; hex.to_string(),
<span class="prelude-val">Err</span>(<span class="kw">_</span>) =&gt; <span class="string">&quot;&quot;</span>.to_string(),
},
<span class="prelude-val">Err</span>(<span class="kw">_</span>) =&gt; <span class="string">&quot;&quot;</span>.to_string(),
};
<span class="kw">let </span><span class="kw-2">mut </span>debug_struct = formatter.debug_struct(<span class="string">&quot;X509&quot;</span>);
debug_struct.field(<span class="string">&quot;serial_number&quot;</span>, <span class="kw-2">&amp;</span>serial);
debug_struct.field(<span class="string">&quot;signature_algorithm&quot;</span>, <span class="kw-2">&amp;</span><span class="self">self</span>.signature_algorithm().object());
debug_struct.field(<span class="string">&quot;issuer&quot;</span>, <span class="kw-2">&amp;</span><span class="self">self</span>.issuer_name());
debug_struct.field(<span class="string">&quot;subject&quot;</span>, <span class="kw-2">&amp;</span><span class="self">self</span>.subject_name());
<span class="kw">if let </span><span class="prelude-val">Some</span>(subject_alt_names) = <span class="kw-2">&amp;</span><span class="self">self</span>.subject_alt_names() {
debug_struct.field(<span class="string">&quot;subject_alt_names&quot;</span>, subject_alt_names);
}
debug_struct.field(<span class="string">&quot;not_before&quot;</span>, <span class="kw-2">&amp;</span><span class="self">self</span>.not_before());
debug_struct.field(<span class="string">&quot;not_after&quot;</span>, <span class="kw-2">&amp;</span><span class="self">self</span>.not_after());
<span class="kw">if let </span><span class="prelude-val">Ok</span>(public_key) = <span class="kw-2">&amp;</span><span class="self">self</span>.public_key() {
debug_struct.field(<span class="string">&quot;public_key&quot;</span>, public_key);
};
<span class="comment">// TODO: Print extensions once they are supported on the X509 struct.
</span>debug_struct.finish()
}
}
<span class="kw">impl </span>AsRef&lt;X509Ref&gt; <span class="kw">for </span>X509Ref {
<span class="kw">fn </span>as_ref(<span class="kw-2">&amp;</span><span class="self">self</span>) -&gt; <span class="kw-2">&amp;</span>X509Ref {
<span class="self">self
</span>}
}
<span class="kw">impl </span>Stackable <span class="kw">for </span>X509 {
<span class="kw">type </span>StackType = ffi::stack_st_X509;
}
<span class="kw">impl </span>Ord <span class="kw">for </span>X509 {
<span class="kw">fn </span>cmp(<span class="kw-2">&amp;</span><span class="self">self</span>, other: <span class="kw-2">&amp;</span><span class="self">Self</span>) -&gt; cmp::Ordering {
X509Ref::cmp(<span class="self">self</span>, other)
}
}
<span class="kw">impl </span>PartialOrd <span class="kw">for </span>X509 {
<span class="kw">fn </span>partial_cmp(<span class="kw-2">&amp;</span><span class="self">self</span>, other: <span class="kw-2">&amp;</span><span class="self">Self</span>) -&gt; <span class="prelude-ty">Option</span>&lt;cmp::Ordering&gt; {
X509Ref::partial_cmp(<span class="self">self</span>, other)
}
}
<span class="kw">impl </span>PartialOrd&lt;X509Ref&gt; <span class="kw">for </span>X509 {
<span class="kw">fn </span>partial_cmp(<span class="kw-2">&amp;</span><span class="self">self</span>, other: <span class="kw-2">&amp;</span>X509Ref) -&gt; <span class="prelude-ty">Option</span>&lt;cmp::Ordering&gt; {
X509Ref::partial_cmp(<span class="self">self</span>, other)
}
}
<span class="kw">impl </span>PartialEq <span class="kw">for </span>X509 {
<span class="kw">fn </span>eq(<span class="kw-2">&amp;</span><span class="self">self</span>, other: <span class="kw-2">&amp;</span><span class="self">Self</span>) -&gt; bool {
X509Ref::eq(<span class="self">self</span>, other)
}
}
<span class="kw">impl </span>PartialEq&lt;X509Ref&gt; <span class="kw">for </span>X509 {
<span class="kw">fn </span>eq(<span class="kw-2">&amp;</span><span class="self">self</span>, other: <span class="kw-2">&amp;</span>X509Ref) -&gt; bool {
X509Ref::eq(<span class="self">self</span>, other)
}
}
<span class="kw">impl </span>Eq <span class="kw">for </span>X509 {}
<span class="doccomment">/// A context object required to construct certain `X509` extension values.
</span><span class="kw">pub struct </span>X509v3Context&lt;<span class="lifetime">&#39;a</span>&gt;(ffi::X509V3_CTX, PhantomData&lt;(<span class="kw-2">&amp;</span><span class="lifetime">&#39;a </span>X509Ref, <span class="kw-2">&amp;</span><span class="lifetime">&#39;a </span>ConfRef)&gt;);
<span class="kw">impl</span>&lt;<span class="lifetime">&#39;a</span>&gt; X509v3Context&lt;<span class="lifetime">&#39;a</span>&gt; {
<span class="kw">pub fn </span>as_ptr(<span class="kw-2">&amp;</span><span class="self">self</span>) -&gt; <span class="kw-2">*mut </span>ffi::X509V3_CTX {
<span class="kw-2">&amp;</span><span class="self">self</span>.<span class="number">0 </span><span class="kw">as </span><span class="kw-2">*const </span><span class="kw">_ as </span><span class="kw-2">*mut </span><span class="kw">_
</span>}
}
<span class="macro">foreign_type_and_impl_send_sync! </span>{
<span class="kw">type </span>CType = ffi::X509_EXTENSION;
<span class="kw">fn </span>drop = ffi::X509_EXTENSION_free;
<span class="doccomment">/// Permit additional fields to be added to an `X509` v3 certificate.
</span><span class="kw">pub struct </span>X509Extension;
<span class="doccomment">/// Reference to `X509Extension`.
</span><span class="kw">pub struct </span>X509ExtensionRef;
}
<span class="kw">impl </span>Stackable <span class="kw">for </span>X509Extension {
<span class="kw">type </span>StackType = ffi::stack_st_X509_EXTENSION;
}
<span class="kw">impl </span>X509Extension {
<span class="doccomment">/// Constructs an X509 extension value. See `man x509v3_config` for information on supported
/// names and their value formats.
///
/// Some extension types, such as `subjectAlternativeName`, require an `X509v3Context` to be
/// provided.
///
/// DO NOT CALL THIS WITH UNTRUSTED `value`: `value` is an OpenSSL
/// mini-language that can read arbitrary files.
///
/// See the extension module for builder types which will construct certain common extensions.
///
/// This function is deprecated, `X509Extension::new_from_der` or the
/// types in `x509::extension` should be used in its place.
</span><span class="attribute">#[deprecated(
note = <span class="string">&quot;Use x509::extension types or new_from_der instead&quot;</span>,
since = <span class="string">&quot;0.10.51&quot;
</span>)]
</span><span class="kw">pub fn </span>new(
conf: <span class="prelude-ty">Option</span>&lt;<span class="kw-2">&amp;</span>ConfRef&gt;,
context: <span class="prelude-ty">Option</span>&lt;<span class="kw-2">&amp;</span>X509v3Context&lt;<span class="lifetime">&#39;_</span>&gt;&gt;,
name: <span class="kw-2">&amp;</span>str,
value: <span class="kw-2">&amp;</span>str,
) -&gt; <span class="prelude-ty">Result</span>&lt;X509Extension, ErrorStack&gt; {
<span class="kw">let </span>name = CString::new(name).unwrap();
<span class="kw">let </span>value = CString::new(value).unwrap();
<span class="kw">let </span><span class="kw-2">mut </span>ctx;
<span class="kw">unsafe </span>{
ffi::init();
<span class="kw">let </span>conf = conf.map_or(ptr::null_mut(), ConfRef::as_ptr);
<span class="kw">let </span>context_ptr = <span class="kw">match </span>context {
<span class="prelude-val">Some</span>(c) =&gt; c.as_ptr(),
<span class="prelude-val">None </span>=&gt; {
ctx = mem::zeroed();
ffi::X509V3_set_ctx(
<span class="kw-2">&amp;mut </span>ctx,
ptr::null_mut(),
ptr::null_mut(),
ptr::null_mut(),
ptr::null_mut(),
<span class="number">0</span>,
);
<span class="kw-2">&amp;mut </span>ctx
}
};
<span class="kw">let </span>name = name.as_ptr() <span class="kw">as </span><span class="kw-2">*mut </span><span class="kw">_</span>;
<span class="kw">let </span>value = value.as_ptr() <span class="kw">as </span><span class="kw-2">*mut </span><span class="kw">_</span>;
cvt_p(ffi::X509V3_EXT_nconf(conf, context_ptr, name, value)).map(X509Extension)
}
}
<span class="doccomment">/// Constructs an X509 extension value. See `man x509v3_config` for information on supported
/// extensions and their value formats.
///
/// Some extension types, such as `nid::SUBJECT_ALTERNATIVE_NAME`, require an `X509v3Context` to
/// be provided.
///
/// DO NOT CALL THIS WITH UNTRUSTED `value`: `value` is an OpenSSL
/// mini-language that can read arbitrary files.
///
/// See the extension module for builder types which will construct certain common extensions.
///
/// This function is deprecated, `X509Extension::new_from_der` or the
/// types in `x509::extension` should be used in its place.
</span><span class="attribute">#[deprecated(
note = <span class="string">&quot;Use x509::extension types or new_from_der instead&quot;</span>,
since = <span class="string">&quot;0.10.51&quot;
</span>)]
</span><span class="kw">pub fn </span>new_nid(
conf: <span class="prelude-ty">Option</span>&lt;<span class="kw-2">&amp;</span>ConfRef&gt;,
context: <span class="prelude-ty">Option</span>&lt;<span class="kw-2">&amp;</span>X509v3Context&lt;<span class="lifetime">&#39;_</span>&gt;&gt;,
name: Nid,
value: <span class="kw-2">&amp;</span>str,
) -&gt; <span class="prelude-ty">Result</span>&lt;X509Extension, ErrorStack&gt; {
<span class="kw">let </span>value = CString::new(value).unwrap();
<span class="kw">let </span><span class="kw-2">mut </span>ctx;
<span class="kw">unsafe </span>{
ffi::init();
<span class="kw">let </span>conf = conf.map_or(ptr::null_mut(), ConfRef::as_ptr);
<span class="kw">let </span>context_ptr = <span class="kw">match </span>context {
<span class="prelude-val">Some</span>(c) =&gt; c.as_ptr(),
<span class="prelude-val">None </span>=&gt; {
ctx = mem::zeroed();
ffi::X509V3_set_ctx(
<span class="kw-2">&amp;mut </span>ctx,
ptr::null_mut(),
ptr::null_mut(),
ptr::null_mut(),
ptr::null_mut(),
<span class="number">0</span>,
);
<span class="kw-2">&amp;mut </span>ctx
}
};
<span class="kw">let </span>name = name.as_raw();
<span class="kw">let </span>value = value.as_ptr() <span class="kw">as </span><span class="kw-2">*mut </span><span class="kw">_</span>;
cvt_p(ffi::X509V3_EXT_nconf_nid(conf, context_ptr, name, value)).map(X509Extension)
}
}
<span class="doccomment">/// Constructs a new X509 extension value from its OID, whether it&#39;s
/// critical, and its DER contents.
///
/// The extent structure of the DER value will vary based on the
/// extension type, and can generally be found in the RFC defining the
/// extension.
///
/// For common extension types, there are Rust APIs provided in
/// `openssl::x509::extensions` which are more ergonomic.
</span><span class="kw">pub fn </span>new_from_der(
oid: <span class="kw-2">&amp;</span>Asn1ObjectRef,
critical: bool,
der_contents: <span class="kw-2">&amp;</span>Asn1OctetStringRef,
) -&gt; <span class="prelude-ty">Result</span>&lt;X509Extension, ErrorStack&gt; {
<span class="kw">unsafe </span>{
cvt_p(ffi::X509_EXTENSION_create_by_OBJ(
ptr::null_mut(),
oid.as_ptr(),
critical <span class="kw">as _</span>,
der_contents.as_ptr(),
))
.map(X509Extension)
}
}
<span class="kw">pub</span>(<span class="kw">crate</span>) <span class="kw">unsafe fn </span>new_internal(
nid: Nid,
critical: bool,
value: <span class="kw-2">*mut </span>c_void,
) -&gt; <span class="prelude-ty">Result</span>&lt;X509Extension, ErrorStack&gt; {
ffi::init();
cvt_p(ffi::X509V3_EXT_i2d(nid.as_raw(), critical <span class="kw">as _</span>, value)).map(X509Extension)
}
<span class="doccomment">/// Adds an alias for an extension
///
/// # Safety
///
/// This method modifies global state without locking and therefore is not thread safe
</span><span class="attribute">#[corresponds(X509V3_EXT_add_alias)]
#[deprecated(
note = <span class="string">&quot;Use x509::extension types or new_from_der and then this is not necessary&quot;</span>,
since = <span class="string">&quot;0.10.51&quot;
</span>)]
</span><span class="kw">pub unsafe fn </span>add_alias(to: Nid, from: Nid) -&gt; <span class="prelude-ty">Result</span>&lt;(), ErrorStack&gt; {
ffi::init();
cvt(ffi::X509V3_EXT_add_alias(to.as_raw(), from.as_raw())).map(|<span class="kw">_</span>| ())
}
}
<span class="kw">impl </span>X509ExtensionRef {
<span class="macro">to_der! </span>{
<span class="doccomment">/// Serializes the Extension to its standard DER encoding.
</span><span class="attribute">#[corresponds(i2d_X509_EXTENSION)]
</span>to_der,
ffi::i2d_X509_EXTENSION
}
}
<span class="doccomment">/// A builder used to construct an `X509Name`.
</span><span class="kw">pub struct </span>X509NameBuilder(X509Name);
<span class="kw">impl </span>X509NameBuilder {
<span class="doccomment">/// Creates a new builder.
</span><span class="kw">pub fn </span>new() -&gt; <span class="prelude-ty">Result</span>&lt;X509NameBuilder, ErrorStack&gt; {
<span class="kw">unsafe </span>{
ffi::init();
cvt_p(ffi::X509_NAME_new()).map(|p| X509NameBuilder(X509Name(p)))
}
}
<span class="doccomment">/// Add a name entry
</span><span class="attribute">#[corresponds(X509_NAME_add_entry)]
#[cfg(any(ossl101, libressl350))]
</span><span class="kw">pub fn </span>append_entry(<span class="kw-2">&amp;mut </span><span class="self">self</span>, ne: <span class="kw-2">&amp;</span>X509NameEntryRef) -&gt; std::result::Result&lt;(), ErrorStack&gt; {
<span class="kw">unsafe </span>{
cvt(ffi::X509_NAME_add_entry(
<span class="self">self</span>.<span class="number">0</span>.as_ptr(),
ne.as_ptr(),
-<span class="number">1</span>,
<span class="number">0</span>,
))
.map(|<span class="kw">_</span>| ())
}
}
<span class="doccomment">/// Add a field entry by str.
///
/// This corresponds to [`X509_NAME_add_entry_by_txt`].
///
/// [`X509_NAME_add_entry_by_txt`]: https://www.openssl.org/docs/manmaster/crypto/X509_NAME_add_entry_by_txt.html
</span><span class="kw">pub fn </span>append_entry_by_text(<span class="kw-2">&amp;mut </span><span class="self">self</span>, field: <span class="kw-2">&amp;</span>str, value: <span class="kw-2">&amp;</span>str) -&gt; <span class="prelude-ty">Result</span>&lt;(), ErrorStack&gt; {
<span class="kw">unsafe </span>{
<span class="kw">let </span>field = CString::new(field).unwrap();
<span class="macro">assert!</span>(value.len() &lt;= <span class="kw">crate</span>::SLenType::max_value() <span class="kw">as </span>usize);
cvt(ffi::X509_NAME_add_entry_by_txt(
<span class="self">self</span>.<span class="number">0</span>.as_ptr(),
field.as_ptr() <span class="kw">as </span><span class="kw-2">*mut </span><span class="kw">_</span>,
ffi::MBSTRING_UTF8,
value.as_ptr(),
value.len() <span class="kw">as </span><span class="kw">crate</span>::SLenType,
-<span class="number">1</span>,
<span class="number">0</span>,
))
.map(|<span class="kw">_</span>| ())
}
}
<span class="doccomment">/// Add a field entry by str with a specific type.
///
/// This corresponds to [`X509_NAME_add_entry_by_txt`].
///
/// [`X509_NAME_add_entry_by_txt`]: https://www.openssl.org/docs/manmaster/crypto/X509_NAME_add_entry_by_txt.html
</span><span class="kw">pub fn </span>append_entry_by_text_with_type(
<span class="kw-2">&amp;mut </span><span class="self">self</span>,
field: <span class="kw-2">&amp;</span>str,
value: <span class="kw-2">&amp;</span>str,
ty: Asn1Type,
) -&gt; <span class="prelude-ty">Result</span>&lt;(), ErrorStack&gt; {
<span class="kw">unsafe </span>{
<span class="kw">let </span>field = CString::new(field).unwrap();
<span class="macro">assert!</span>(value.len() &lt;= <span class="kw">crate</span>::SLenType::max_value() <span class="kw">as </span>usize);
cvt(ffi::X509_NAME_add_entry_by_txt(
<span class="self">self</span>.<span class="number">0</span>.as_ptr(),
field.as_ptr() <span class="kw">as </span><span class="kw-2">*mut </span><span class="kw">_</span>,
ty.as_raw(),
value.as_ptr(),
value.len() <span class="kw">as </span><span class="kw">crate</span>::SLenType,
-<span class="number">1</span>,
<span class="number">0</span>,
))
.map(|<span class="kw">_</span>| ())
}
}
<span class="doccomment">/// Add a field entry by NID.
///
/// This corresponds to [`X509_NAME_add_entry_by_NID`].
///
/// [`X509_NAME_add_entry_by_NID`]: https://www.openssl.org/docs/manmaster/crypto/X509_NAME_add_entry_by_NID.html
</span><span class="kw">pub fn </span>append_entry_by_nid(<span class="kw-2">&amp;mut </span><span class="self">self</span>, field: Nid, value: <span class="kw-2">&amp;</span>str) -&gt; <span class="prelude-ty">Result</span>&lt;(), ErrorStack&gt; {
<span class="kw">unsafe </span>{
<span class="macro">assert!</span>(value.len() &lt;= <span class="kw">crate</span>::SLenType::max_value() <span class="kw">as </span>usize);
cvt(ffi::X509_NAME_add_entry_by_NID(
<span class="self">self</span>.<span class="number">0</span>.as_ptr(),
field.as_raw(),
ffi::MBSTRING_UTF8,
value.as_ptr() <span class="kw">as </span><span class="kw-2">*mut </span><span class="kw">_</span>,
value.len() <span class="kw">as </span><span class="kw">crate</span>::SLenType,
-<span class="number">1</span>,
<span class="number">0</span>,
))
.map(|<span class="kw">_</span>| ())
}
}
<span class="doccomment">/// Add a field entry by NID with a specific type.
///
/// This corresponds to [`X509_NAME_add_entry_by_NID`].
///
/// [`X509_NAME_add_entry_by_NID`]: https://www.openssl.org/docs/manmaster/crypto/X509_NAME_add_entry_by_NID.html
</span><span class="kw">pub fn </span>append_entry_by_nid_with_type(
<span class="kw-2">&amp;mut </span><span class="self">self</span>,
field: Nid,
value: <span class="kw-2">&amp;</span>str,
ty: Asn1Type,
) -&gt; <span class="prelude-ty">Result</span>&lt;(), ErrorStack&gt; {
<span class="kw">unsafe </span>{
<span class="macro">assert!</span>(value.len() &lt;= <span class="kw">crate</span>::SLenType::max_value() <span class="kw">as </span>usize);
cvt(ffi::X509_NAME_add_entry_by_NID(
<span class="self">self</span>.<span class="number">0</span>.as_ptr(),
field.as_raw(),
ty.as_raw(),
value.as_ptr() <span class="kw">as </span><span class="kw-2">*mut </span><span class="kw">_</span>,
value.len() <span class="kw">as </span><span class="kw">crate</span>::SLenType,
-<span class="number">1</span>,
<span class="number">0</span>,
))
.map(|<span class="kw">_</span>| ())
}
}
<span class="doccomment">/// Return an `X509Name`.
</span><span class="kw">pub fn </span>build(<span class="self">self</span>) -&gt; X509Name {
<span class="comment">// Round-trip through bytes because OpenSSL is not const correct and
// names in a &quot;modified&quot; state compute various things lazily. This can
// lead to data-races because OpenSSL doesn&#39;t have locks or anything.
</span>X509Name::from_der(<span class="kw-2">&amp;</span><span class="self">self</span>.<span class="number">0</span>.to_der().unwrap()).unwrap()
}
}
<span class="macro">foreign_type_and_impl_send_sync! </span>{
<span class="kw">type </span>CType = ffi::X509_NAME;
<span class="kw">fn </span>drop = ffi::X509_NAME_free;
<span class="doccomment">/// The names of an `X509` certificate.
</span><span class="kw">pub struct </span>X509Name;
<span class="doccomment">/// Reference to `X509Name`.
</span><span class="kw">pub struct </span>X509NameRef;
}
<span class="kw">impl </span>X509Name {
<span class="doccomment">/// Returns a new builder.
</span><span class="kw">pub fn </span>builder() -&gt; <span class="prelude-ty">Result</span>&lt;X509NameBuilder, ErrorStack&gt; {
X509NameBuilder::new()
}
<span class="doccomment">/// Loads subject names from a file containing PEM-formatted certificates.
///
/// This is commonly used in conjunction with `SslContextBuilder::set_client_ca_list`.
</span><span class="kw">pub fn </span>load_client_ca_file&lt;P: AsRef&lt;Path&gt;&gt;(file: P) -&gt; <span class="prelude-ty">Result</span>&lt;Stack&lt;X509Name&gt;, ErrorStack&gt; {
<span class="kw">let </span>file = CString::new(file.as_ref().as_os_str().to_str().unwrap()).unwrap();
<span class="kw">unsafe </span>{ cvt_p(ffi::SSL_load_client_CA_file(file.as_ptr())).map(|p| Stack::from_ptr(p)) }
}
<span class="macro">from_der! </span>{
<span class="doccomment">/// Deserializes a DER-encoded X509 name structure.
///
/// This corresponds to [`d2i_X509_NAME`].
///
/// [`d2i_X509_NAME`]: https://www.openssl.org/docs/manmaster/man3/d2i_X509_NAME.html
</span>from_der,
X509Name,
ffi::d2i_X509_NAME
}
}
<span class="kw">impl </span>Stackable <span class="kw">for </span>X509Name {
<span class="kw">type </span>StackType = ffi::stack_st_X509_NAME;
}
<span class="kw">impl </span>X509NameRef {
<span class="doccomment">/// Returns the name entries by the nid.
</span><span class="kw">pub fn </span>entries_by_nid(<span class="kw-2">&amp;</span><span class="self">self</span>, nid: Nid) -&gt; X509NameEntries&lt;<span class="lifetime">&#39;_</span>&gt; {
X509NameEntries {
name: <span class="self">self</span>,
nid: <span class="prelude-val">Some</span>(nid),
loc: -<span class="number">1</span>,
}
}
<span class="doccomment">/// Returns an iterator over all `X509NameEntry` values
</span><span class="kw">pub fn </span>entries(<span class="kw-2">&amp;</span><span class="self">self</span>) -&gt; X509NameEntries&lt;<span class="lifetime">&#39;_</span>&gt; {
X509NameEntries {
name: <span class="self">self</span>,
nid: <span class="prelude-val">None</span>,
loc: -<span class="number">1</span>,
}
}
<span class="doccomment">/// Compare two names, like [`Ord`] but it may fail.
///
/// With OpenSSL versions from 3.0.0 this may return an error if the underlying `X509_NAME_cmp`
/// call fails.
/// For OpenSSL versions before 3.0.0 it will never return an error, but due to a bug it may
/// spuriously return `Ordering::Less` if the `X509_NAME_cmp` call fails.
</span><span class="attribute">#[corresponds(X509_NAME_cmp)]
</span><span class="kw">pub fn </span>try_cmp(<span class="kw-2">&amp;</span><span class="self">self</span>, other: <span class="kw-2">&amp;</span>X509NameRef) -&gt; <span class="prelude-ty">Result</span>&lt;Ordering, ErrorStack&gt; {
<span class="kw">let </span>cmp = <span class="kw">unsafe </span>{ ffi::X509_NAME_cmp(<span class="self">self</span>.as_ptr(), other.as_ptr()) };
<span class="kw">if </span><span class="macro">cfg!</span>(ossl300) &amp;&amp; cmp == -<span class="number">2 </span>{
<span class="kw">return </span><span class="prelude-val">Err</span>(ErrorStack::get());
}
<span class="prelude-val">Ok</span>(cmp.cmp(<span class="kw-2">&amp;</span><span class="number">0</span>))
}
<span class="doccomment">/// Copies the name to a new `X509Name`.
</span><span class="attribute">#[corresponds(X509_NAME_dup)]
#[cfg(any(boringssl, ossl110, libressl270))]
</span><span class="kw">pub fn </span>to_owned(<span class="kw-2">&amp;</span><span class="self">self</span>) -&gt; <span class="prelude-ty">Result</span>&lt;X509Name, ErrorStack&gt; {
<span class="kw">unsafe </span>{ cvt_p(ffi::X509_NAME_dup(<span class="self">self</span>.as_ptr())).map(|n| X509Name::from_ptr(n)) }
}
<span class="macro">to_der! </span>{
<span class="doccomment">/// Serializes the certificate into a DER-encoded X509 name structure.
///
/// This corresponds to [`i2d_X509_NAME`].
///
/// [`i2d_X509_NAME`]: https://www.openssl.org/docs/manmaster/crypto/i2d_X509_NAME.html
</span>to_der,
ffi::i2d_X509_NAME
}
}
<span class="kw">impl </span>fmt::Debug <span class="kw">for </span>X509NameRef {
<span class="kw">fn </span>fmt(<span class="kw-2">&amp;</span><span class="self">self</span>, formatter: <span class="kw-2">&amp;mut </span>fmt::Formatter&lt;<span class="lifetime">&#39;_</span>&gt;) -&gt; fmt::Result {
formatter.debug_list().entries(<span class="self">self</span>.entries()).finish()
}
}
<span class="doccomment">/// A type to destructure and examine an `X509Name`.
</span><span class="kw">pub struct </span>X509NameEntries&lt;<span class="lifetime">&#39;a</span>&gt; {
name: <span class="kw-2">&amp;</span><span class="lifetime">&#39;a </span>X509NameRef,
nid: <span class="prelude-ty">Option</span>&lt;Nid&gt;,
loc: c_int,
}
<span class="kw">impl</span>&lt;<span class="lifetime">&#39;a</span>&gt; Iterator <span class="kw">for </span>X509NameEntries&lt;<span class="lifetime">&#39;a</span>&gt; {
<span class="kw">type </span>Item = <span class="kw-2">&amp;</span><span class="lifetime">&#39;a </span>X509NameEntryRef;
<span class="kw">fn </span>next(<span class="kw-2">&amp;mut </span><span class="self">self</span>) -&gt; <span class="prelude-ty">Option</span>&lt;<span class="kw-2">&amp;</span><span class="lifetime">&#39;a </span>X509NameEntryRef&gt; {
<span class="kw">unsafe </span>{
<span class="kw">match </span><span class="self">self</span>.nid {
<span class="prelude-val">Some</span>(nid) =&gt; {
<span class="comment">// There is a `Nid` specified to search for
</span><span class="self">self</span>.loc =
ffi::X509_NAME_get_index_by_NID(<span class="self">self</span>.name.as_ptr(), nid.as_raw(), <span class="self">self</span>.loc);
<span class="kw">if </span><span class="self">self</span>.loc == -<span class="number">1 </span>{
<span class="kw">return </span><span class="prelude-val">None</span>;
}
}
<span class="prelude-val">None </span>=&gt; {
<span class="comment">// Iterate over all `Nid`s
</span><span class="self">self</span>.loc += <span class="number">1</span>;
<span class="kw">if </span><span class="self">self</span>.loc &gt;= ffi::X509_NAME_entry_count(<span class="self">self</span>.name.as_ptr()) {
<span class="kw">return </span><span class="prelude-val">None</span>;
}
}
}
<span class="kw">let </span>entry = ffi::X509_NAME_get_entry(<span class="self">self</span>.name.as_ptr(), <span class="self">self</span>.loc);
<span class="prelude-val">Some</span>(X509NameEntryRef::from_const_ptr_opt(entry).expect(<span class="string">&quot;entry must not be null&quot;</span>))
}
}
}
<span class="macro">foreign_type_and_impl_send_sync! </span>{
<span class="kw">type </span>CType = ffi::X509_NAME_ENTRY;
<span class="kw">fn </span>drop = ffi::X509_NAME_ENTRY_free;
<span class="doccomment">/// A name entry associated with a `X509Name`.
</span><span class="kw">pub struct </span>X509NameEntry;
<span class="doccomment">/// Reference to `X509NameEntry`.
</span><span class="kw">pub struct </span>X509NameEntryRef;
}
<span class="kw">impl </span>X509NameEntryRef {
<span class="doccomment">/// Returns the field value of an `X509NameEntry`.
///
/// This corresponds to [`X509_NAME_ENTRY_get_data`].
///
/// [`X509_NAME_ENTRY_get_data`]: https://www.openssl.org/docs/manmaster/crypto/X509_NAME_ENTRY_get_data.html
</span><span class="kw">pub fn </span>data(<span class="kw-2">&amp;</span><span class="self">self</span>) -&gt; <span class="kw-2">&amp;</span>Asn1StringRef {
<span class="kw">unsafe </span>{
<span class="kw">let </span>data = ffi::X509_NAME_ENTRY_get_data(<span class="self">self</span>.as_ptr());
Asn1StringRef::from_ptr(data)
}
}
<span class="doccomment">/// Returns the `Asn1Object` value of an `X509NameEntry`.
/// This is useful for finding out about the actual `Nid` when iterating over all `X509NameEntries`.
///
/// This corresponds to [`X509_NAME_ENTRY_get_object`].
///
/// [`X509_NAME_ENTRY_get_object`]: https://www.openssl.org/docs/manmaster/crypto/X509_NAME_ENTRY_get_object.html
</span><span class="kw">pub fn </span>object(<span class="kw-2">&amp;</span><span class="self">self</span>) -&gt; <span class="kw-2">&amp;</span>Asn1ObjectRef {
<span class="kw">unsafe </span>{
<span class="kw">let </span>object = ffi::X509_NAME_ENTRY_get_object(<span class="self">self</span>.as_ptr());
Asn1ObjectRef::from_ptr(object)
}
}
}
<span class="kw">impl </span>fmt::Debug <span class="kw">for </span>X509NameEntryRef {
<span class="kw">fn </span>fmt(<span class="kw-2">&amp;</span><span class="self">self</span>, formatter: <span class="kw-2">&amp;mut </span>fmt::Formatter&lt;<span class="lifetime">&#39;_</span>&gt;) -&gt; fmt::Result {
formatter.write_fmt(<span class="macro">format_args!</span>(<span class="string">&quot;{:?} = {:?}&quot;</span>, <span class="self">self</span>.object(), <span class="self">self</span>.data()))
}
}
<span class="doccomment">/// A builder used to construct an `X509Req`.
</span><span class="kw">pub struct </span>X509ReqBuilder(X509Req);
<span class="kw">impl </span>X509ReqBuilder {
<span class="doccomment">/// Returns a builder for a certificate request.
///
/// This corresponds to [`X509_REQ_new`].
///
///[`X509_REQ_new`]: https://www.openssl.org/docs/manmaster/crypto/X509_REQ_new.html
</span><span class="kw">pub fn </span>new() -&gt; <span class="prelude-ty">Result</span>&lt;X509ReqBuilder, ErrorStack&gt; {
<span class="kw">unsafe </span>{
ffi::init();
cvt_p(ffi::X509_REQ_new()).map(|p| X509ReqBuilder(X509Req(p)))
}
}
<span class="doccomment">/// Set the numerical value of the version field.
///
/// This corresponds to [`X509_REQ_set_version`].
///
///[`X509_REQ_set_version`]: https://www.openssl.org/docs/manmaster/crypto/X509_REQ_set_version.html
</span><span class="attribute">#[allow(clippy::useless_conversion)]
</span><span class="kw">pub fn </span>set_version(<span class="kw-2">&amp;mut </span><span class="self">self</span>, version: i32) -&gt; <span class="prelude-ty">Result</span>&lt;(), ErrorStack&gt; {
<span class="kw">unsafe </span>{
cvt(ffi::X509_REQ_set_version(
<span class="self">self</span>.<span class="number">0</span>.as_ptr(),
version <span class="kw">as </span>c_long,
))
.map(|<span class="kw">_</span>| ())
}
}
<span class="doccomment">/// Set the issuer name.
///
/// This corresponds to [`X509_REQ_set_subject_name`].
///
/// [`X509_REQ_set_subject_name`]: https://www.openssl.org/docs/manmaster/crypto/X509_REQ_set_subject_name.html
</span><span class="kw">pub fn </span>set_subject_name(<span class="kw-2">&amp;mut </span><span class="self">self</span>, subject_name: <span class="kw-2">&amp;</span>X509NameRef) -&gt; <span class="prelude-ty">Result</span>&lt;(), ErrorStack&gt; {
<span class="kw">unsafe </span>{
cvt(ffi::X509_REQ_set_subject_name(
<span class="self">self</span>.<span class="number">0</span>.as_ptr(),
subject_name.as_ptr(),
))
.map(|<span class="kw">_</span>| ())
}
}
<span class="doccomment">/// Set the public key.
///
/// This corresponds to [`X509_REQ_set_pubkey`].
///
/// [`X509_REQ_set_pubkey`]: https://www.openssl.org/docs/manmaster/crypto/X509_REQ_set_pubkey.html
</span><span class="kw">pub fn </span>set_pubkey&lt;T&gt;(<span class="kw-2">&amp;mut </span><span class="self">self</span>, key: <span class="kw-2">&amp;</span>PKeyRef&lt;T&gt;) -&gt; <span class="prelude-ty">Result</span>&lt;(), ErrorStack&gt;
<span class="kw">where
</span>T: HasPublic,
{
<span class="kw">unsafe </span>{ cvt(ffi::X509_REQ_set_pubkey(<span class="self">self</span>.<span class="number">0</span>.as_ptr(), key.as_ptr())).map(|<span class="kw">_</span>| ()) }
}
<span class="doccomment">/// Return an `X509v3Context`. This context object can be used to construct
/// certain `X509` extensions.
</span><span class="kw">pub fn </span>x509v3_context&lt;<span class="lifetime">&#39;a</span>&gt;(<span class="kw-2">&amp;</span><span class="lifetime">&#39;a </span><span class="self">self</span>, conf: <span class="prelude-ty">Option</span>&lt;<span class="kw-2">&amp;</span><span class="lifetime">&#39;a </span>ConfRef&gt;) -&gt; X509v3Context&lt;<span class="lifetime">&#39;a</span>&gt; {
<span class="kw">unsafe </span>{
<span class="kw">let </span><span class="kw-2">mut </span>ctx = mem::zeroed();
ffi::X509V3_set_ctx(
<span class="kw-2">&amp;mut </span>ctx,
ptr::null_mut(),
ptr::null_mut(),
<span class="self">self</span>.<span class="number">0</span>.as_ptr(),
ptr::null_mut(),
<span class="number">0</span>,
);
<span class="comment">// nodb case taken care of since we zeroed ctx above
</span><span class="kw">if let </span><span class="prelude-val">Some</span>(conf) = conf {
ffi::X509V3_set_nconf(<span class="kw-2">&amp;mut </span>ctx, conf.as_ptr());
}
X509v3Context(ctx, PhantomData)
}
}
<span class="doccomment">/// Permits any number of extension fields to be added to the certificate.
</span><span class="kw">pub fn </span>add_extensions(
<span class="kw-2">&amp;mut </span><span class="self">self</span>,
extensions: <span class="kw-2">&amp;</span>StackRef&lt;X509Extension&gt;,
) -&gt; <span class="prelude-ty">Result</span>&lt;(), ErrorStack&gt; {
<span class="kw">unsafe </span>{
cvt(ffi::X509_REQ_add_extensions(
<span class="self">self</span>.<span class="number">0</span>.as_ptr(),
extensions.as_ptr(),
))
.map(|<span class="kw">_</span>| ())
}
}
<span class="doccomment">/// Sign the request using a private key.
///
/// This corresponds to [`X509_REQ_sign`].
///
/// [`X509_REQ_sign`]: https://www.openssl.org/docs/manmaster/crypto/X509_REQ_sign.html
</span><span class="kw">pub fn </span>sign&lt;T&gt;(<span class="kw-2">&amp;mut </span><span class="self">self</span>, key: <span class="kw-2">&amp;</span>PKeyRef&lt;T&gt;, hash: MessageDigest) -&gt; <span class="prelude-ty">Result</span>&lt;(), ErrorStack&gt;
<span class="kw">where
</span>T: HasPrivate,
{
<span class="kw">unsafe </span>{
cvt(ffi::X509_REQ_sign(
<span class="self">self</span>.<span class="number">0</span>.as_ptr(),
key.as_ptr(),
hash.as_ptr(),
))
.map(|<span class="kw">_</span>| ())
}
}
<span class="doccomment">/// Returns the `X509Req`.
</span><span class="kw">pub fn </span>build(<span class="self">self</span>) -&gt; X509Req {
<span class="self">self</span>.<span class="number">0
</span>}
}
<span class="macro">foreign_type_and_impl_send_sync! </span>{
<span class="kw">type </span>CType = ffi::X509_REQ;
<span class="kw">fn </span>drop = ffi::X509_REQ_free;
<span class="doccomment">/// An `X509` certificate request.
</span><span class="kw">pub struct </span>X509Req;
<span class="doccomment">/// Reference to `X509Req`.
</span><span class="kw">pub struct </span>X509ReqRef;
}
<span class="kw">impl </span>X509Req {
<span class="doccomment">/// A builder for `X509Req`.
</span><span class="kw">pub fn </span>builder() -&gt; <span class="prelude-ty">Result</span>&lt;X509ReqBuilder, ErrorStack&gt; {
X509ReqBuilder::new()
}
<span class="macro">from_pem! </span>{
<span class="doccomment">/// Deserializes a PEM-encoded PKCS#10 certificate request structure.
///
/// The input should have a header of `-----BEGIN CERTIFICATE REQUEST-----`.
///
/// This corresponds to [`PEM_read_bio_X509_REQ`].
///
/// [`PEM_read_bio_X509_REQ`]: https://www.openssl.org/docs/manmaster/crypto/PEM_read_bio_X509_REQ.html
</span>from_pem,
X509Req,
ffi::PEM_read_bio_X509_REQ
}
<span class="macro">from_der! </span>{
<span class="doccomment">/// Deserializes a DER-encoded PKCS#10 certificate request structure.
///
/// This corresponds to [`d2i_X509_REQ`].
///
/// [`d2i_X509_REQ`]: https://www.openssl.org/docs/manmaster/crypto/d2i_X509_REQ.html
</span>from_der,
X509Req,
ffi::d2i_X509_REQ
}
}
<span class="kw">impl </span>X509ReqRef {
<span class="macro">to_pem! </span>{
<span class="doccomment">/// Serializes the certificate request to a PEM-encoded PKCS#10 structure.
///
/// The output will have a header of `-----BEGIN CERTIFICATE REQUEST-----`.
///
/// This corresponds to [`PEM_write_bio_X509_REQ`].
///
/// [`PEM_write_bio_X509_REQ`]: https://www.openssl.org/docs/manmaster/crypto/PEM_write_bio_X509_REQ.html
</span>to_pem,
ffi::PEM_write_bio_X509_REQ
}
<span class="macro">to_der! </span>{
<span class="doccomment">/// Serializes the certificate request to a DER-encoded PKCS#10 structure.
///
/// This corresponds to [`i2d_X509_REQ`].
///
/// [`i2d_X509_REQ`]: https://www.openssl.org/docs/manmaster/crypto/i2d_X509_REQ.html
</span>to_der,
ffi::i2d_X509_REQ
}
<span class="macro">to_pem! </span>{
<span class="doccomment">/// Converts the request to human readable text.
</span><span class="attribute">#[corresponds(X509_Req_print)]
</span>to_text,
ffi::X509_REQ_print
}
<span class="doccomment">/// Returns the numerical value of the version field of the certificate request.
///
/// This corresponds to [`X509_REQ_get_version`]
///
/// [`X509_REQ_get_version`]: https://www.openssl.org/docs/manmaster/crypto/X509_REQ_get_version.html
</span><span class="attribute">#[allow(clippy::unnecessary_cast)]
</span><span class="kw">pub fn </span>version(<span class="kw-2">&amp;</span><span class="self">self</span>) -&gt; i32 {
<span class="kw">unsafe </span>{ X509_REQ_get_version(<span class="self">self</span>.as_ptr()) <span class="kw">as </span>i32 }
}
<span class="doccomment">/// Returns the subject name of the certificate request.
///
/// This corresponds to [`X509_REQ_get_subject_name`]
///
/// [`X509_REQ_get_subject_name`]: https://www.openssl.org/docs/manmaster/crypto/X509_REQ_get_subject_name.html
</span><span class="kw">pub fn </span>subject_name(<span class="kw-2">&amp;</span><span class="self">self</span>) -&gt; <span class="kw-2">&amp;</span>X509NameRef {
<span class="kw">unsafe </span>{
<span class="kw">let </span>name = X509_REQ_get_subject_name(<span class="self">self</span>.as_ptr());
X509NameRef::from_const_ptr_opt(name).expect(<span class="string">&quot;subject name must not be null&quot;</span>)
}
}
<span class="doccomment">/// Returns the public key of the certificate request.
///
/// This corresponds to [`X509_REQ_get_pubkey&quot;]
///
/// [`X509_REQ_get_pubkey`]: https://www.openssl.org/docs/manmaster/crypto/X509_REQ_get_pubkey.html
</span><span class="kw">pub fn </span>public_key(<span class="kw-2">&amp;</span><span class="self">self</span>) -&gt; <span class="prelude-ty">Result</span>&lt;PKey&lt;Public&gt;, ErrorStack&gt; {
<span class="kw">unsafe </span>{
<span class="kw">let </span>key = cvt_p(ffi::X509_REQ_get_pubkey(<span class="self">self</span>.as_ptr()))<span class="question-mark">?</span>;
<span class="prelude-val">Ok</span>(PKey::from_ptr(key))
}
}
<span class="doccomment">/// Check if the certificate request is signed using the given public key.
///
/// Returns `true` if verification succeeds.
///
/// This corresponds to [`X509_REQ_verify&quot;].
///
/// [`X509_REQ_verify`]: https://www.openssl.org/docs/manmaster/crypto/X509_REQ_verify.html
</span><span class="kw">pub fn </span>verify&lt;T&gt;(<span class="kw-2">&amp;</span><span class="self">self</span>, key: <span class="kw-2">&amp;</span>PKeyRef&lt;T&gt;) -&gt; <span class="prelude-ty">Result</span>&lt;bool, ErrorStack&gt;
<span class="kw">where
</span>T: HasPublic,
{
<span class="kw">unsafe </span>{ cvt_n(ffi::X509_REQ_verify(<span class="self">self</span>.as_ptr(), key.as_ptr())).map(|n| n != <span class="number">0</span>) }
}
<span class="doccomment">/// Returns the extensions of the certificate request.
///
/// This corresponds to [`X509_REQ_get_extensions&quot;]
</span><span class="kw">pub fn </span>extensions(<span class="kw-2">&amp;</span><span class="self">self</span>) -&gt; <span class="prelude-ty">Result</span>&lt;Stack&lt;X509Extension&gt;, ErrorStack&gt; {
<span class="kw">unsafe </span>{
<span class="kw">let </span>extensions = cvt_p(ffi::X509_REQ_get_extensions(<span class="self">self</span>.as_ptr()))<span class="question-mark">?</span>;
<span class="prelude-val">Ok</span>(Stack::from_ptr(extensions))
}
}
}
<span class="doccomment">/// The reason that a certificate was revoked.
</span><span class="attribute">#[derive(Debug, Copy, Clone, PartialEq, Eq)]
</span><span class="kw">pub struct </span>CrlReason(c_int);
<span class="attribute">#[allow(missing_docs)] </span><span class="comment">// no need to document the constants
</span><span class="kw">impl </span>CrlReason {
<span class="kw">pub const </span>UNSPECIFIED: CrlReason = CrlReason(ffi::CRL_REASON_UNSPECIFIED);
<span class="kw">pub const </span>KEY_COMPROMISE: CrlReason = CrlReason(ffi::CRL_REASON_KEY_COMPROMISE);
<span class="kw">pub const </span>CA_COMPROMISE: CrlReason = CrlReason(ffi::CRL_REASON_CA_COMPROMISE);
<span class="kw">pub const </span>AFFILIATION_CHANGED: CrlReason = CrlReason(ffi::CRL_REASON_AFFILIATION_CHANGED);
<span class="kw">pub const </span>SUPERSEDED: CrlReason = CrlReason(ffi::CRL_REASON_SUPERSEDED);
<span class="kw">pub const </span>CESSATION_OF_OPERATION: CrlReason = CrlReason(ffi::CRL_REASON_CESSATION_OF_OPERATION);
<span class="kw">pub const </span>CERTIFICATE_HOLD: CrlReason = CrlReason(ffi::CRL_REASON_CERTIFICATE_HOLD);
<span class="kw">pub const </span>REMOVE_FROM_CRL: CrlReason = CrlReason(ffi::CRL_REASON_REMOVE_FROM_CRL);
<span class="kw">pub const </span>PRIVILEGE_WITHDRAWN: CrlReason = CrlReason(ffi::CRL_REASON_PRIVILEGE_WITHDRAWN);
<span class="kw">pub const </span>AA_COMPROMISE: CrlReason = CrlReason(ffi::CRL_REASON_AA_COMPROMISE);
<span class="doccomment">/// Constructs an `CrlReason` from a raw OpenSSL value.
</span><span class="kw">pub const fn </span>from_raw(value: c_int) -&gt; <span class="self">Self </span>{
CrlReason(value)
}
<span class="doccomment">/// Returns the raw OpenSSL value represented by this type.
</span><span class="kw">pub const fn </span>as_raw(<span class="kw-2">&amp;</span><span class="self">self</span>) -&gt; c_int {
<span class="self">self</span>.<span class="number">0
</span>}
}
<span class="macro">foreign_type_and_impl_send_sync! </span>{
<span class="kw">type </span>CType = ffi::X509_REVOKED;
<span class="kw">fn </span>drop = ffi::X509_REVOKED_free;
<span class="doccomment">/// An `X509` certificate revocation status.
</span><span class="kw">pub struct </span>X509Revoked;
<span class="doccomment">/// Reference to `X509Revoked`.
</span><span class="kw">pub struct </span>X509RevokedRef;
}
<span class="kw">impl </span>Stackable <span class="kw">for </span>X509Revoked {
<span class="kw">type </span>StackType = ffi::stack_st_X509_REVOKED;
}
<span class="kw">impl </span>X509Revoked {
<span class="macro">from_der! </span>{
<span class="doccomment">/// Deserializes a DER-encoded certificate revocation status
</span><span class="attribute">#[corresponds(d2i_X509_REVOKED)]
</span>from_der,
X509Revoked,
ffi::d2i_X509_REVOKED
}
}
<span class="kw">impl </span>X509RevokedRef {
<span class="macro">to_der! </span>{
<span class="doccomment">/// Serializes the certificate request to a DER-encoded certificate revocation status
</span><span class="attribute">#[corresponds(d2i_X509_REVOKED)]
</span>to_der,
ffi::i2d_X509_REVOKED
}
<span class="doccomment">/// Copies the entry to a new `X509Revoked`.
</span><span class="attribute">#[corresponds(X509_NAME_dup)]
#[cfg(any(boringssl, ossl110, libressl270))]
</span><span class="kw">pub fn </span>to_owned(<span class="kw-2">&amp;</span><span class="self">self</span>) -&gt; <span class="prelude-ty">Result</span>&lt;X509Revoked, ErrorStack&gt; {
<span class="kw">unsafe </span>{ cvt_p(ffi::X509_REVOKED_dup(<span class="self">self</span>.as_ptr())).map(|n| X509Revoked::from_ptr(n)) }
}
<span class="doccomment">/// Get the date that the certificate was revoked
</span><span class="attribute">#[corresponds(X509_REVOKED_get0_revocationDate)]
</span><span class="kw">pub fn </span>revocation_date(<span class="kw-2">&amp;</span><span class="self">self</span>) -&gt; <span class="kw-2">&amp;</span>Asn1TimeRef {
<span class="kw">unsafe </span>{
<span class="kw">let </span>r = X509_REVOKED_get0_revocationDate(<span class="self">self</span>.as_ptr() <span class="kw">as </span><span class="kw-2">*const </span><span class="kw">_</span>);
<span class="macro">assert!</span>(!r.is_null());
Asn1TimeRef::from_ptr(r <span class="kw">as </span><span class="kw-2">*mut </span><span class="kw">_</span>)
}
}
<span class="doccomment">/// Get the serial number of the revoked certificate
</span><span class="attribute">#[corresponds(X509_REVOKED_get0_serialNumber)]
</span><span class="kw">pub fn </span>serial_number(<span class="kw-2">&amp;</span><span class="self">self</span>) -&gt; <span class="kw-2">&amp;</span>Asn1IntegerRef {
<span class="kw">unsafe </span>{
<span class="kw">let </span>r = X509_REVOKED_get0_serialNumber(<span class="self">self</span>.as_ptr() <span class="kw">as </span><span class="kw-2">*const </span><span class="kw">_</span>);
<span class="macro">assert!</span>(!r.is_null());
Asn1IntegerRef::from_ptr(r <span class="kw">as </span><span class="kw-2">*mut </span><span class="kw">_</span>)
}
}
<span class="doccomment">/// Get the criticality and value of an extension.
///
/// This returns None if the extension is not present or occurs multiple times.
</span><span class="attribute">#[corresponds(X509_REVOKED_get_ext_d2i)]
</span><span class="kw">pub fn </span>extension&lt;T: ExtensionType&gt;(<span class="kw-2">&amp;</span><span class="self">self</span>) -&gt; <span class="prelude-ty">Result</span>&lt;<span class="prelude-ty">Option</span>&lt;(bool, T::Output)&gt;, ErrorStack&gt; {
<span class="kw">let </span><span class="kw-2">mut </span>critical = -<span class="number">1</span>;
<span class="kw">let </span>out = <span class="kw">unsafe </span>{
<span class="comment">// SAFETY: self.as_ptr() is a valid pointer to an X509_REVOKED.
</span><span class="kw">let </span>ext = ffi::X509_REVOKED_get_ext_d2i(
<span class="self">self</span>.as_ptr(),
T::NID.as_raw(),
<span class="kw-2">&amp;mut </span>critical <span class="kw">as </span><span class="kw-2">*mut </span><span class="kw">_</span>,
ptr::null_mut(),
);
<span class="comment">// SAFETY: Extensions&#39;s contract promises that the type returned by
// OpenSSL here is T::Output.
</span>T::Output::from_ptr_opt(ext <span class="kw">as </span><span class="kw-2">*mut </span><span class="kw">_</span>)
};
<span class="kw">match </span>(critical, out) {
(<span class="number">0</span>, <span class="prelude-val">Some</span>(out)) =&gt; <span class="prelude-val">Ok</span>(<span class="prelude-val">Some</span>((<span class="bool-val">false</span>, out))),
(<span class="number">1</span>, <span class="prelude-val">Some</span>(out)) =&gt; <span class="prelude-val">Ok</span>(<span class="prelude-val">Some</span>((<span class="bool-val">true</span>, out))),
<span class="comment">// -1 means the extension wasn&#39;t found, -2 means multiple were found.
</span>(-<span class="number">1 </span>| -<span class="number">2</span>, <span class="kw">_</span>) =&gt; <span class="prelude-val">Ok</span>(<span class="prelude-val">None</span>),
<span class="comment">// A critical value of 0 or 1 suggests success, but a null pointer
// was returned so something went wrong.
</span>(<span class="number">0 </span>| <span class="number">1</span>, <span class="prelude-val">None</span>) =&gt; <span class="prelude-val">Err</span>(ErrorStack::get()),
(c_int::MIN..=-<span class="number">2 </span>| <span class="number">2</span>.., <span class="kw">_</span>) =&gt; <span class="macro">panic!</span>(<span class="string">&quot;OpenSSL should only return -2, -1, 0, or 1 for an extension&#39;s criticality but it returned {}&quot;</span>, critical),
}
}
}
<span class="doccomment">/// The CRL entry extension identifying the reason for revocation see [`CrlReason`],
/// this is as defined in RFC 5280 Section 5.3.1.
</span><span class="kw">pub enum </span>ReasonCode {}
<span class="comment">// SAFETY: CertificateIssuer is defined to be a stack of GeneralName in the RFC
// and in OpenSSL.
</span><span class="kw">unsafe impl </span>ExtensionType <span class="kw">for </span>ReasonCode {
<span class="kw">const </span>NID: Nid = Nid::from_raw(ffi::NID_crl_reason);
<span class="kw">type </span>Output = Asn1Enumerated;
}
<span class="doccomment">/// The CRL entry extension identifying the issuer of a certificate used in
/// indirect CRLs, as defined in RFC 5280 Section 5.3.3.
</span><span class="kw">pub enum </span>CertificateIssuer {}
<span class="comment">// SAFETY: CertificateIssuer is defined to be a stack of GeneralName in the RFC
// and in OpenSSL.
</span><span class="kw">unsafe impl </span>ExtensionType <span class="kw">for </span>CertificateIssuer {
<span class="kw">const </span>NID: Nid = Nid::from_raw(ffi::NID_certificate_issuer);
<span class="kw">type </span>Output = Stack&lt;GeneralName&gt;;
}
<span class="macro">foreign_type_and_impl_send_sync! </span>{
<span class="kw">type </span>CType = ffi::X509_CRL;
<span class="kw">fn </span>drop = ffi::X509_CRL_free;
<span class="doccomment">/// An `X509` certificate revocation list.
</span><span class="kw">pub struct </span>X509Crl;
<span class="doccomment">/// Reference to `X509Crl`.
</span><span class="kw">pub struct </span>X509CrlRef;
}
<span class="doccomment">/// The status of a certificate in a revoction list
///
/// Corresponds to the return value from the [`X509_CRL_get0_by_*`] methods.
///
/// [`X509_CRL_get0_by_*`]: https://www.openssl.org/docs/man1.1.0/man3/X509_CRL_get0_by_serial.html
</span><span class="kw">pub enum </span>CrlStatus&lt;<span class="lifetime">&#39;a</span>&gt; {
<span class="doccomment">/// The certificate is not present in the list
</span>NotRevoked,
<span class="doccomment">/// The certificate is in the list and is revoked
</span>Revoked(<span class="kw-2">&amp;</span><span class="lifetime">&#39;a </span>X509RevokedRef),
<span class="doccomment">/// The certificate is in the list, but has the &quot;removeFromCrl&quot; status.
///
/// This can occur if the certificate was revoked with the &quot;CertificateHold&quot;
/// reason, and has since been unrevoked.
</span>RemoveFromCrl(<span class="kw-2">&amp;</span><span class="lifetime">&#39;a </span>X509RevokedRef),
}
<span class="kw">impl</span>&lt;<span class="lifetime">&#39;a</span>&gt; CrlStatus&lt;<span class="lifetime">&#39;a</span>&gt; {
<span class="comment">// Helper used by the X509_CRL_get0_by_* methods to convert their return
// value to the status enum.
// Safety note: the returned CrlStatus must not outlive the owner of the
// revoked_entry pointer.
</span><span class="kw">unsafe fn </span>from_ffi_status(
status: c_int,
revoked_entry: <span class="kw-2">*mut </span>ffi::X509_REVOKED,
) -&gt; CrlStatus&lt;<span class="lifetime">&#39;a</span>&gt; {
<span class="kw">match </span>status {
<span class="number">0 </span>=&gt; CrlStatus::NotRevoked,
<span class="number">1 </span>=&gt; {
<span class="macro">assert!</span>(!revoked_entry.is_null());
CrlStatus::Revoked(X509RevokedRef::from_ptr(revoked_entry))
}
<span class="number">2 </span>=&gt; {
<span class="macro">assert!</span>(!revoked_entry.is_null());
CrlStatus::RemoveFromCrl(X509RevokedRef::from_ptr(revoked_entry))
}
<span class="kw">_ </span>=&gt; <span class="macro">unreachable!</span>(
<span class="string">&quot;{}&quot;</span>,
<span class="string">&quot;X509_CRL_get0_by_{{serial,cert}} should only return 0, 1, or 2.&quot;
</span>),
}
}
}
<span class="kw">impl </span>X509Crl {
<span class="macro">from_pem! </span>{
<span class="doccomment">/// Deserializes a PEM-encoded Certificate Revocation List
///
/// The input should have a header of `-----BEGIN X509 CRL-----`.
</span><span class="attribute">#[corresponds(PEM_read_bio_X509_CRL)]
</span>from_pem,
X509Crl,
ffi::PEM_read_bio_X509_CRL
}
<span class="macro">from_der! </span>{
<span class="doccomment">/// Deserializes a DER-encoded Certificate Revocation List
</span><span class="attribute">#[corresponds(d2i_X509_CRL)]
</span>from_der,
X509Crl,
ffi::d2i_X509_CRL
}
}
<span class="kw">impl </span>X509CrlRef {
<span class="macro">to_pem! </span>{
<span class="doccomment">/// Serializes the certificate request to a PEM-encoded Certificate Revocation List.
///
/// The output will have a header of `-----BEGIN X509 CRL-----`.
</span><span class="attribute">#[corresponds(PEM_write_bio_X509_CRL)]
</span>to_pem,
ffi::PEM_write_bio_X509_CRL
}
<span class="macro">to_der! </span>{
<span class="doccomment">/// Serializes the certificate request to a DER-encoded Certificate Revocation List.
</span><span class="attribute">#[corresponds(i2d_X509_CRL)]
</span>to_der,
ffi::i2d_X509_CRL
}
<span class="doccomment">/// Get the stack of revocation entries
</span><span class="kw">pub fn </span>get_revoked(<span class="kw-2">&amp;</span><span class="self">self</span>) -&gt; <span class="prelude-ty">Option</span>&lt;<span class="kw-2">&amp;</span>StackRef&lt;X509Revoked&gt;&gt; {
<span class="kw">unsafe </span>{
<span class="kw">let </span>revoked = X509_CRL_get_REVOKED(<span class="self">self</span>.as_ptr());
<span class="kw">if </span>revoked.is_null() {
<span class="prelude-val">None
</span>} <span class="kw">else </span>{
<span class="prelude-val">Some</span>(StackRef::from_ptr(revoked))
}
}
}
<span class="doccomment">/// Returns the CRL&#39;s `lastUpdate` time.
</span><span class="attribute">#[corresponds(X509_CRL_get0_lastUpdate)]
</span><span class="kw">pub fn </span>last_update(<span class="kw-2">&amp;</span><span class="self">self</span>) -&gt; <span class="kw-2">&amp;</span>Asn1TimeRef {
<span class="kw">unsafe </span>{
<span class="kw">let </span>date = X509_CRL_get0_lastUpdate(<span class="self">self</span>.as_ptr());
<span class="macro">assert!</span>(!date.is_null());
Asn1TimeRef::from_ptr(date <span class="kw">as </span><span class="kw-2">*mut </span><span class="kw">_</span>)
}
}
<span class="doccomment">/// Returns the CRL&#39;s `nextUpdate` time.
///
/// If the `nextUpdate` field is missing, returns `None`.
</span><span class="attribute">#[corresponds(X509_CRL_get0_nextUpdate)]
</span><span class="kw">pub fn </span>next_update(<span class="kw-2">&amp;</span><span class="self">self</span>) -&gt; <span class="prelude-ty">Option</span>&lt;<span class="kw-2">&amp;</span>Asn1TimeRef&gt; {
<span class="kw">unsafe </span>{
<span class="kw">let </span>date = X509_CRL_get0_nextUpdate(<span class="self">self</span>.as_ptr());
Asn1TimeRef::from_const_ptr_opt(date)
}
}
<span class="doccomment">/// Get the revocation status of a certificate by its serial number
</span><span class="attribute">#[corresponds(X509_CRL_get0_by_serial)]
</span><span class="kw">pub fn </span>get_by_serial&lt;<span class="lifetime">&#39;a</span>&gt;(<span class="kw-2">&amp;</span><span class="lifetime">&#39;a </span><span class="self">self</span>, serial: <span class="kw-2">&amp;</span>Asn1IntegerRef) -&gt; CrlStatus&lt;<span class="lifetime">&#39;a</span>&gt; {
<span class="kw">unsafe </span>{
<span class="kw">let </span><span class="kw-2">mut </span>ret = ptr::null_mut::&lt;ffi::X509_REVOKED&gt;();
<span class="kw">let </span>status =
ffi::X509_CRL_get0_by_serial(<span class="self">self</span>.as_ptr(), <span class="kw-2">&amp;mut </span>ret <span class="kw">as </span><span class="kw-2">*mut </span><span class="kw">_</span>, serial.as_ptr());
CrlStatus::from_ffi_status(status, ret)
}
}
<span class="doccomment">/// Get the revocation status of a certificate
</span><span class="attribute">#[corresponds(X509_CRL_get0_by_cert)]
</span><span class="kw">pub fn </span>get_by_cert&lt;<span class="lifetime">&#39;a</span>&gt;(<span class="kw-2">&amp;</span><span class="lifetime">&#39;a </span><span class="self">self</span>, cert: <span class="kw-2">&amp;</span>X509) -&gt; CrlStatus&lt;<span class="lifetime">&#39;a</span>&gt; {
<span class="kw">unsafe </span>{
<span class="kw">let </span><span class="kw-2">mut </span>ret = ptr::null_mut::&lt;ffi::X509_REVOKED&gt;();
<span class="kw">let </span>status =
ffi::X509_CRL_get0_by_cert(<span class="self">self</span>.as_ptr(), <span class="kw-2">&amp;mut </span>ret <span class="kw">as </span><span class="kw-2">*mut </span><span class="kw">_</span>, cert.as_ptr());
CrlStatus::from_ffi_status(status, ret)
}
}
<span class="doccomment">/// Get the issuer name from the revocation list.
</span><span class="attribute">#[corresponds(X509_CRL_get_issuer)]
</span><span class="kw">pub fn </span>issuer_name(<span class="kw-2">&amp;</span><span class="self">self</span>) -&gt; <span class="kw-2">&amp;</span>X509NameRef {
<span class="kw">unsafe </span>{
<span class="kw">let </span>name = X509_CRL_get_issuer(<span class="self">self</span>.as_ptr());
<span class="macro">assert!</span>(!name.is_null());
X509NameRef::from_ptr(name)
}
}
<span class="doccomment">/// Check if the CRL is signed using the given public key.
///
/// Only the signature is checked: no other checks (such as certificate chain validity)
/// are performed.
///
/// Returns `true` if verification succeeds.
</span><span class="attribute">#[corresponds(X509_CRL_verify)]
</span><span class="kw">pub fn </span>verify&lt;T&gt;(<span class="kw-2">&amp;</span><span class="self">self</span>, key: <span class="kw-2">&amp;</span>PKeyRef&lt;T&gt;) -&gt; <span class="prelude-ty">Result</span>&lt;bool, ErrorStack&gt;
<span class="kw">where
</span>T: HasPublic,
{
<span class="kw">unsafe </span>{ cvt_n(ffi::X509_CRL_verify(<span class="self">self</span>.as_ptr(), key.as_ptr())).map(|n| n != <span class="number">0</span>) }
}
}
<span class="doccomment">/// The result of peer certificate verification.
</span><span class="attribute">#[derive(Copy, Clone, PartialEq, Eq)]
</span><span class="kw">pub struct </span>X509VerifyResult(c_int);
<span class="kw">impl </span>fmt::Debug <span class="kw">for </span>X509VerifyResult {
<span class="kw">fn </span>fmt(<span class="kw-2">&amp;</span><span class="self">self</span>, fmt: <span class="kw-2">&amp;mut </span>fmt::Formatter&lt;<span class="lifetime">&#39;_</span>&gt;) -&gt; fmt::Result {
fmt.debug_struct(<span class="string">&quot;X509VerifyResult&quot;</span>)
.field(<span class="string">&quot;code&quot;</span>, <span class="kw-2">&amp;</span><span class="self">self</span>.<span class="number">0</span>)
.field(<span class="string">&quot;error&quot;</span>, <span class="kw-2">&amp;</span><span class="self">self</span>.error_string())
.finish()
}
}
<span class="kw">impl </span>fmt::Display <span class="kw">for </span>X509VerifyResult {
<span class="kw">fn </span>fmt(<span class="kw-2">&amp;</span><span class="self">self</span>, fmt: <span class="kw-2">&amp;mut </span>fmt::Formatter&lt;<span class="lifetime">&#39;_</span>&gt;) -&gt; fmt::Result {
fmt.write_str(<span class="self">self</span>.error_string())
}
}
<span class="kw">impl </span>Error <span class="kw">for </span>X509VerifyResult {}
<span class="kw">impl </span>X509VerifyResult {
<span class="doccomment">/// Creates an `X509VerifyResult` from a raw error number.
///
/// # Safety
///
/// Some methods on `X509VerifyResult` are not thread safe if the error
/// number is invalid.
</span><span class="kw">pub unsafe fn </span>from_raw(err: c_int) -&gt; X509VerifyResult {
X509VerifyResult(err)
}
<span class="doccomment">/// Return the integer representation of an `X509VerifyResult`.
</span><span class="attribute">#[allow(clippy::trivially_copy_pass_by_ref)]
</span><span class="kw">pub fn </span>as_raw(<span class="kw-2">&amp;</span><span class="self">self</span>) -&gt; c_int {
<span class="self">self</span>.<span class="number">0
</span>}
<span class="doccomment">/// Return a human readable error string from the verification error.
///
/// This corresponds to [`X509_verify_cert_error_string`].
///
/// [`X509_verify_cert_error_string`]: https://www.openssl.org/docs/manmaster/crypto/X509_verify_cert_error_string.html
</span><span class="attribute">#[allow(clippy::trivially_copy_pass_by_ref)]
</span><span class="kw">pub fn </span>error_string(<span class="kw-2">&amp;</span><span class="self">self</span>) -&gt; <span class="kw-2">&amp;</span><span class="lifetime">&#39;static </span>str {
ffi::init();
<span class="kw">unsafe </span>{
<span class="kw">let </span>s = ffi::X509_verify_cert_error_string(<span class="self">self</span>.<span class="number">0 </span><span class="kw">as </span>c_long);
str::from_utf8(CStr::from_ptr(s).to_bytes()).unwrap()
}
}
<span class="doccomment">/// Successful peer certificate verification.
</span><span class="kw">pub const </span>OK: X509VerifyResult = X509VerifyResult(ffi::X509_V_OK);
<span class="doccomment">/// Application verification failure.
</span><span class="kw">pub const </span>APPLICATION_VERIFICATION: X509VerifyResult =
X509VerifyResult(ffi::X509_V_ERR_APPLICATION_VERIFICATION);
}
<span class="macro">foreign_type_and_impl_send_sync! </span>{
<span class="kw">type </span>CType = ffi::GENERAL_NAME;
<span class="kw">fn </span>drop = ffi::GENERAL_NAME_free;
<span class="doccomment">/// An `X509` certificate alternative names.
</span><span class="kw">pub struct </span>GeneralName;
<span class="doccomment">/// Reference to `GeneralName`.
</span><span class="kw">pub struct </span>GeneralNameRef;
}
<span class="kw">impl </span>GeneralName {
<span class="kw">unsafe fn </span>new(
type_: c_int,
asn1_type: Asn1Type,
value: <span class="kw-2">&amp;</span>[u8],
) -&gt; <span class="prelude-ty">Result</span>&lt;GeneralName, ErrorStack&gt; {
ffi::init();
<span class="kw">let </span>gn = GeneralName::from_ptr(cvt_p(ffi::GENERAL_NAME_new())<span class="question-mark">?</span>);
(<span class="kw-2">*</span>gn.as_ptr()).type_ = type_;
<span class="kw">let </span>s = cvt_p(ffi::ASN1_STRING_type_new(asn1_type.as_raw()))<span class="question-mark">?</span>;
ffi::ASN1_STRING_set(s, value.as_ptr().cast(), value.len().try_into().unwrap());
<span class="attribute">#[cfg(boringssl)]
</span>{
(<span class="kw-2">*</span>gn.as_ptr()).d.ptr = s.cast();
}
<span class="attribute">#[cfg(not(boringssl))]
</span>{
(<span class="kw-2">*</span>gn.as_ptr()).d = s.cast();
}
<span class="prelude-val">Ok</span>(gn)
}
<span class="kw">pub</span>(<span class="kw">crate</span>) <span class="kw">fn </span>new_email(email: <span class="kw-2">&amp;</span>[u8]) -&gt; <span class="prelude-ty">Result</span>&lt;GeneralName, ErrorStack&gt; {
<span class="kw">unsafe </span>{ GeneralName::new(ffi::GEN_EMAIL, Asn1Type::IA5STRING, email) }
}
<span class="kw">pub</span>(<span class="kw">crate</span>) <span class="kw">fn </span>new_dns(dns: <span class="kw-2">&amp;</span>[u8]) -&gt; <span class="prelude-ty">Result</span>&lt;GeneralName, ErrorStack&gt; {
<span class="kw">unsafe </span>{ GeneralName::new(ffi::GEN_DNS, Asn1Type::IA5STRING, dns) }
}
<span class="kw">pub</span>(<span class="kw">crate</span>) <span class="kw">fn </span>new_uri(uri: <span class="kw-2">&amp;</span>[u8]) -&gt; <span class="prelude-ty">Result</span>&lt;GeneralName, ErrorStack&gt; {
<span class="kw">unsafe </span>{ GeneralName::new(ffi::GEN_URI, Asn1Type::IA5STRING, uri) }
}
<span class="kw">pub</span>(<span class="kw">crate</span>) <span class="kw">fn </span>new_ip(ip: IpAddr) -&gt; <span class="prelude-ty">Result</span>&lt;GeneralName, ErrorStack&gt; {
<span class="kw">match </span>ip {
IpAddr::V4(addr) =&gt; <span class="kw">unsafe </span>{
GeneralName::new(ffi::GEN_IPADD, Asn1Type::OCTET_STRING, <span class="kw-2">&amp;</span>addr.octets())
},
IpAddr::V6(addr) =&gt; <span class="kw">unsafe </span>{
GeneralName::new(ffi::GEN_IPADD, Asn1Type::OCTET_STRING, <span class="kw-2">&amp;</span>addr.octets())
},
}
}
<span class="kw">pub</span>(<span class="kw">crate</span>) <span class="kw">fn </span>new_rid(oid: Asn1Object) -&gt; <span class="prelude-ty">Result</span>&lt;GeneralName, ErrorStack&gt; {
<span class="kw">unsafe </span>{
ffi::init();
<span class="kw">let </span>gn = cvt_p(ffi::GENERAL_NAME_new())<span class="question-mark">?</span>;
(<span class="kw-2">*</span>gn).type_ = ffi::GEN_RID;
<span class="attribute">#[cfg(boringssl)]
</span>{
(<span class="kw-2">*</span>gn).d.registeredID = oid.as_ptr();
}
<span class="attribute">#[cfg(not(boringssl))]
</span>{
(<span class="kw-2">*</span>gn).d = oid.as_ptr().cast();
}
mem::forget(oid);
<span class="prelude-val">Ok</span>(GeneralName::from_ptr(gn))
}
}
<span class="kw">pub</span>(<span class="kw">crate</span>) <span class="kw">fn </span>new_other_name(
oid: Asn1Object,
value: <span class="kw-2">&amp;</span>Vec&lt;u8&gt;,
) -&gt; <span class="prelude-ty">Result</span>&lt;GeneralName, ErrorStack&gt; {
<span class="kw">unsafe </span>{
ffi::init();
<span class="kw">let </span>typ = cvt_p(ffi::d2i_ASN1_TYPE(
ptr::null_mut(),
<span class="kw-2">&amp;mut </span>value.as_ptr().cast(),
value.len().try_into().unwrap(),
))<span class="question-mark">?</span>;
<span class="kw">let </span>gn = cvt_p(ffi::GENERAL_NAME_new())<span class="question-mark">?</span>;
(<span class="kw-2">*</span>gn).type_ = ffi::GEN_OTHERNAME;
<span class="kw">if let </span><span class="prelude-val">Err</span>(e) = cvt(ffi::GENERAL_NAME_set0_othername(
gn,
oid.as_ptr().cast(),
typ,
)) {
ffi::GENERAL_NAME_free(gn);
<span class="kw">return </span><span class="prelude-val">Err</span>(e);
}
mem::forget(oid);
<span class="prelude-val">Ok</span>(GeneralName::from_ptr(gn))
}
}
}
<span class="kw">impl </span>GeneralNameRef {
<span class="kw">fn </span>ia5_string(<span class="kw-2">&amp;</span><span class="self">self</span>, ffi_type: c_int) -&gt; <span class="prelude-ty">Option</span>&lt;<span class="kw-2">&amp;</span>str&gt; {
<span class="kw">unsafe </span>{
<span class="kw">if </span>(<span class="kw-2">*</span><span class="self">self</span>.as_ptr()).type_ != ffi_type {
<span class="kw">return </span><span class="prelude-val">None</span>;
}
<span class="attribute">#[cfg(boringssl)]
</span><span class="kw">let </span>d = (<span class="kw-2">*</span><span class="self">self</span>.as_ptr()).d.ptr;
<span class="attribute">#[cfg(not(boringssl))]
</span><span class="kw">let </span>d = (<span class="kw-2">*</span><span class="self">self</span>.as_ptr()).d;
<span class="kw">let </span>ptr = ASN1_STRING_get0_data(d <span class="kw">as </span><span class="kw-2">*mut </span><span class="kw">_</span>);
<span class="kw">let </span>len = ffi::ASN1_STRING_length(d <span class="kw">as </span><span class="kw-2">*mut </span><span class="kw">_</span>);
<span class="kw">let </span>slice = slice::from_raw_parts(ptr <span class="kw">as </span><span class="kw-2">*const </span>u8, len <span class="kw">as </span>usize);
<span class="comment">// IA5Strings are stated to be ASCII (specifically IA5). Hopefully
// OpenSSL checks that when loading a certificate but if not we&#39;ll
// use this instead of from_utf8_unchecked just in case.
</span>str::from_utf8(slice).ok()
}
}
<span class="doccomment">/// Returns the contents of this `GeneralName` if it is an `rfc822Name`.
</span><span class="kw">pub fn </span>email(<span class="kw-2">&amp;</span><span class="self">self</span>) -&gt; <span class="prelude-ty">Option</span>&lt;<span class="kw-2">&amp;</span>str&gt; {
<span class="self">self</span>.ia5_string(ffi::GEN_EMAIL)
}
<span class="doccomment">/// Returns the contents of this `GeneralName` if it is a `directoryName`.
</span><span class="kw">pub fn </span>directory_name(<span class="kw-2">&amp;</span><span class="self">self</span>) -&gt; <span class="prelude-ty">Option</span>&lt;<span class="kw-2">&amp;</span>X509NameRef&gt; {
<span class="kw">unsafe </span>{
<span class="kw">if </span>(<span class="kw-2">*</span><span class="self">self</span>.as_ptr()).type_ != ffi::GEN_DIRNAME {
<span class="kw">return </span><span class="prelude-val">None</span>;
}
<span class="attribute">#[cfg(boringssl)]
</span><span class="kw">let </span>d = (<span class="kw-2">*</span><span class="self">self</span>.as_ptr()).d.ptr;
<span class="attribute">#[cfg(not(boringssl))]
</span><span class="kw">let </span>d = (<span class="kw-2">*</span><span class="self">self</span>.as_ptr()).d;
<span class="prelude-val">Some</span>(X509NameRef::from_const_ptr(d <span class="kw">as </span><span class="kw-2">*const </span><span class="kw">_</span>))
}
}
<span class="doccomment">/// Returns the contents of this `GeneralName` if it is a `dNSName`.
</span><span class="kw">pub fn </span>dnsname(<span class="kw-2">&amp;</span><span class="self">self</span>) -&gt; <span class="prelude-ty">Option</span>&lt;<span class="kw-2">&amp;</span>str&gt; {
<span class="self">self</span>.ia5_string(ffi::GEN_DNS)
}
<span class="doccomment">/// Returns the contents of this `GeneralName` if it is an `uniformResourceIdentifier`.
</span><span class="kw">pub fn </span>uri(<span class="kw-2">&amp;</span><span class="self">self</span>) -&gt; <span class="prelude-ty">Option</span>&lt;<span class="kw-2">&amp;</span>str&gt; {
<span class="self">self</span>.ia5_string(ffi::GEN_URI)
}
<span class="doccomment">/// Returns the contents of this `GeneralName` if it is an `iPAddress`.
</span><span class="kw">pub fn </span>ipaddress(<span class="kw-2">&amp;</span><span class="self">self</span>) -&gt; <span class="prelude-ty">Option</span>&lt;<span class="kw-2">&amp;</span>[u8]&gt; {
<span class="kw">unsafe </span>{
<span class="kw">if </span>(<span class="kw-2">*</span><span class="self">self</span>.as_ptr()).type_ != ffi::GEN_IPADD {
<span class="kw">return </span><span class="prelude-val">None</span>;
}
<span class="attribute">#[cfg(boringssl)]
</span><span class="kw">let </span>d: <span class="kw-2">*const </span>ffi::ASN1_STRING = std::mem::transmute((<span class="kw-2">*</span><span class="self">self</span>.as_ptr()).d);
<span class="attribute">#[cfg(not(boringssl))]
</span><span class="kw">let </span>d = (<span class="kw-2">*</span><span class="self">self</span>.as_ptr()).d;
<span class="kw">let </span>ptr = ASN1_STRING_get0_data(d <span class="kw">as </span><span class="kw-2">*mut </span><span class="kw">_</span>);
<span class="kw">let </span>len = ffi::ASN1_STRING_length(d <span class="kw">as </span><span class="kw-2">*mut </span><span class="kw">_</span>);
<span class="prelude-val">Some</span>(slice::from_raw_parts(ptr <span class="kw">as </span><span class="kw-2">*const </span>u8, len <span class="kw">as </span>usize))
}
}
}
<span class="kw">impl </span>fmt::Debug <span class="kw">for </span>GeneralNameRef {
<span class="kw">fn </span>fmt(<span class="kw-2">&amp;</span><span class="self">self</span>, formatter: <span class="kw-2">&amp;mut </span>fmt::Formatter&lt;<span class="lifetime">&#39;_</span>&gt;) -&gt; fmt::Result {
<span class="kw">if let </span><span class="prelude-val">Some</span>(email) = <span class="self">self</span>.email() {
formatter.write_str(email)
} <span class="kw">else if let </span><span class="prelude-val">Some</span>(dnsname) = <span class="self">self</span>.dnsname() {
formatter.write_str(dnsname)
} <span class="kw">else if let </span><span class="prelude-val">Some</span>(uri) = <span class="self">self</span>.uri() {
formatter.write_str(uri)
} <span class="kw">else if let </span><span class="prelude-val">Some</span>(ipaddress) = <span class="self">self</span>.ipaddress() {
<span class="kw">let </span>address = &lt;[u8; <span class="number">16</span>]&gt;::try_from(ipaddress)
.map(IpAddr::from)
.or_else(|<span class="kw">_</span>| &lt;[u8; <span class="number">4</span>]&gt;::try_from(ipaddress).map(IpAddr::from));
<span class="kw">match </span>address {
<span class="prelude-val">Ok</span>(a) =&gt; fmt::Debug::fmt(<span class="kw-2">&amp;</span>a, formatter),
<span class="prelude-val">Err</span>(<span class="kw">_</span>) =&gt; fmt::Debug::fmt(ipaddress, formatter),
}
} <span class="kw">else </span>{
formatter.write_str(<span class="string">&quot;(empty)&quot;</span>)
}
}
}
<span class="kw">impl </span>Stackable <span class="kw">for </span>GeneralName {
<span class="kw">type </span>StackType = ffi::stack_st_GENERAL_NAME;
}
<span class="macro">foreign_type_and_impl_send_sync! </span>{
<span class="kw">type </span>CType = ffi::DIST_POINT;
<span class="kw">fn </span>drop = ffi::DIST_POINT_free;
<span class="doccomment">/// A `X509` distribution point.
</span><span class="kw">pub struct </span>DistPoint;
<span class="doccomment">/// Reference to `DistPoint`.
</span><span class="kw">pub struct </span>DistPointRef;
}
<span class="kw">impl </span>DistPointRef {
<span class="doccomment">/// Returns the name of this distribution point if it exists
</span><span class="kw">pub fn </span>distpoint(<span class="kw-2">&amp;</span><span class="self">self</span>) -&gt; <span class="prelude-ty">Option</span>&lt;<span class="kw-2">&amp;</span>DistPointNameRef&gt; {
<span class="kw">unsafe </span>{ DistPointNameRef::from_const_ptr_opt((<span class="kw-2">*</span><span class="self">self</span>.as_ptr()).distpoint) }
}
}
<span class="macro">foreign_type_and_impl_send_sync! </span>{
<span class="kw">type </span>CType = ffi::DIST_POINT_NAME;
<span class="kw">fn </span>drop = ffi::DIST_POINT_NAME_free;
<span class="doccomment">/// A `X509` distribution point.
</span><span class="kw">pub struct </span>DistPointName;
<span class="doccomment">/// Reference to `DistPointName`.
</span><span class="kw">pub struct </span>DistPointNameRef;
}
<span class="kw">impl </span>DistPointNameRef {
<span class="doccomment">/// Returns the contents of this DistPointName if it is a fullname.
</span><span class="kw">pub fn </span>fullname(<span class="kw-2">&amp;</span><span class="self">self</span>) -&gt; <span class="prelude-ty">Option</span>&lt;<span class="kw-2">&amp;</span>StackRef&lt;GeneralName&gt;&gt; {
<span class="kw">unsafe </span>{
<span class="kw">if </span>(<span class="kw-2">*</span><span class="self">self</span>.as_ptr()).type_ != <span class="number">0 </span>{
<span class="kw">return </span><span class="prelude-val">None</span>;
}
StackRef::from_const_ptr_opt((<span class="kw-2">*</span><span class="self">self</span>.as_ptr()).name.fullname)
}
}
}
<span class="kw">impl </span>Stackable <span class="kw">for </span>DistPoint {
<span class="kw">type </span>StackType = ffi::stack_st_DIST_POINT;
}
<span class="macro">foreign_type_and_impl_send_sync! </span>{
<span class="kw">type </span>CType = ffi::ACCESS_DESCRIPTION;
<span class="kw">fn </span>drop = ffi::ACCESS_DESCRIPTION_free;
<span class="doccomment">/// `AccessDescription` of certificate authority information.
</span><span class="kw">pub struct </span>AccessDescription;
<span class="doccomment">/// Reference to `AccessDescription`.
</span><span class="kw">pub struct </span>AccessDescriptionRef;
}
<span class="kw">impl </span>AccessDescriptionRef {
<span class="doccomment">/// Returns the access method OID.
</span><span class="kw">pub fn </span>method(<span class="kw-2">&amp;</span><span class="self">self</span>) -&gt; <span class="kw-2">&amp;</span>Asn1ObjectRef {
<span class="kw">unsafe </span>{ Asn1ObjectRef::from_ptr((<span class="kw-2">*</span><span class="self">self</span>.as_ptr()).method) }
}
<span class="comment">// Returns the access location.
</span><span class="kw">pub fn </span>location(<span class="kw-2">&amp;</span><span class="self">self</span>) -&gt; <span class="kw-2">&amp;</span>GeneralNameRef {
<span class="kw">unsafe </span>{ GeneralNameRef::from_ptr((<span class="kw-2">*</span><span class="self">self</span>.as_ptr()).location) }
}
}
<span class="kw">impl </span>Stackable <span class="kw">for </span>AccessDescription {
<span class="kw">type </span>StackType = ffi::stack_st_ACCESS_DESCRIPTION;
}
<span class="macro">foreign_type_and_impl_send_sync! </span>{
<span class="kw">type </span>CType = ffi::X509_ALGOR;
<span class="kw">fn </span>drop = ffi::X509_ALGOR_free;
<span class="doccomment">/// An `X509` certificate signature algorithm.
</span><span class="kw">pub struct </span>X509Algorithm;
<span class="doccomment">/// Reference to `X509Algorithm`.
</span><span class="kw">pub struct </span>X509AlgorithmRef;
}
<span class="kw">impl </span>X509AlgorithmRef {
<span class="doccomment">/// Returns the ASN.1 OID of this algorithm.
</span><span class="kw">pub fn </span>object(<span class="kw-2">&amp;</span><span class="self">self</span>) -&gt; <span class="kw-2">&amp;</span>Asn1ObjectRef {
<span class="kw">unsafe </span>{
<span class="kw">let </span><span class="kw-2">mut </span>oid = ptr::null();
X509_ALGOR_get0(<span class="kw-2">&amp;mut </span>oid, ptr::null_mut(), ptr::null_mut(), <span class="self">self</span>.as_ptr());
Asn1ObjectRef::from_const_ptr_opt(oid).expect(<span class="string">&quot;algorithm oid must not be null&quot;</span>)
}
}
}
<span class="macro">foreign_type_and_impl_send_sync! </span>{
<span class="kw">type </span>CType = ffi::X509_OBJECT;
<span class="kw">fn </span>drop = X509_OBJECT_free;
<span class="doccomment">/// An `X509` or an X509 certificate revocation list.
</span><span class="kw">pub struct </span>X509Object;
<span class="doccomment">/// Reference to `X509Object`
</span><span class="kw">pub struct </span>X509ObjectRef;
}
<span class="kw">impl </span>X509ObjectRef {
<span class="kw">pub fn </span>x509(<span class="kw-2">&amp;</span><span class="self">self</span>) -&gt; <span class="prelude-ty">Option</span>&lt;<span class="kw-2">&amp;</span>X509Ref&gt; {
<span class="kw">unsafe </span>{
<span class="kw">let </span>ptr = X509_OBJECT_get0_X509(<span class="self">self</span>.as_ptr());
X509Ref::from_const_ptr_opt(ptr)
}
}
}
<span class="kw">impl </span>Stackable <span class="kw">for </span>X509Object {
<span class="kw">type </span>StackType = ffi::stack_st_X509_OBJECT;
}
<span class="macro">cfg_if! </span>{
<span class="kw">if </span><span class="attribute">#[cfg(any(boringssl, ossl110, libressl273))] </span>{
<span class="kw">use </span>ffi::{X509_getm_notAfter, X509_getm_notBefore, X509_up_ref, X509_get0_signature};
} <span class="kw">else </span>{
<span class="attribute">#[allow(bad_style)]
</span><span class="kw">unsafe fn </span>X509_getm_notAfter(x: <span class="kw-2">*mut </span>ffi::X509) -&gt; <span class="kw-2">*mut </span>ffi::ASN1_TIME {
(<span class="kw-2">*</span>(<span class="kw-2">*</span>(<span class="kw-2">*</span>x).cert_info).validity).notAfter
}
<span class="attribute">#[allow(bad_style)]
</span><span class="kw">unsafe fn </span>X509_getm_notBefore(x: <span class="kw-2">*mut </span>ffi::X509) -&gt; <span class="kw-2">*mut </span>ffi::ASN1_TIME {
(<span class="kw-2">*</span>(<span class="kw-2">*</span>(<span class="kw-2">*</span>x).cert_info).validity).notBefore
}
<span class="attribute">#[allow(bad_style)]
</span><span class="kw">unsafe fn </span>X509_up_ref(x: <span class="kw-2">*mut </span>ffi::X509) {
ffi::CRYPTO_add_lock(
<span class="kw-2">&amp;mut </span>(<span class="kw-2">*</span>x).references,
<span class="number">1</span>,
ffi::CRYPTO_LOCK_X509,
<span class="string">&quot;mod.rs\0&quot;</span>.as_ptr() <span class="kw">as </span><span class="kw-2">*const </span><span class="kw">_</span>,
<span class="macro">line!</span>() <span class="kw">as </span>c_int,
);
}
<span class="attribute">#[allow(bad_style)]
</span><span class="kw">unsafe fn </span>X509_get0_signature(
psig: <span class="kw-2">*mut *const </span>ffi::ASN1_BIT_STRING,
palg: <span class="kw-2">*mut *const </span>ffi::X509_ALGOR,
x: <span class="kw-2">*const </span>ffi::X509,
) {
<span class="kw">if </span>!psig.is_null() {
<span class="kw-2">*</span>psig = (<span class="kw-2">*</span>x).signature;
}
<span class="kw">if </span>!palg.is_null() {
<span class="kw-2">*</span>palg = (<span class="kw-2">*</span>x).sig_alg;
}
}
}
}
<span class="macro">cfg_if! </span>{
<span class="kw">if </span><span class="attribute">#[cfg(any(boringssl, ossl110, libressl350))] </span>{
<span class="kw">use </span>ffi::{
X509_ALGOR_get0, ASN1_STRING_get0_data, X509_STORE_CTX_get0_chain, X509_set1_notAfter,
X509_set1_notBefore, X509_REQ_get_version, X509_REQ_get_subject_name,
};
} <span class="kw">else </span>{
<span class="kw">use </span>ffi::{
ASN1_STRING_data <span class="kw">as </span>ASN1_STRING_get0_data,
X509_STORE_CTX_get_chain <span class="kw">as </span>X509_STORE_CTX_get0_chain,
X509_set_notAfter <span class="kw">as </span>X509_set1_notAfter,
X509_set_notBefore <span class="kw">as </span>X509_set1_notBefore,
};
<span class="attribute">#[allow(bad_style)]
</span><span class="kw">unsafe fn </span>X509_REQ_get_version(x: <span class="kw-2">*mut </span>ffi::X509_REQ) -&gt; ::libc::c_long {
ffi::ASN1_INTEGER_get((<span class="kw-2">*</span>(<span class="kw-2">*</span>x).req_info).version)
}
<span class="attribute">#[allow(bad_style)]
</span><span class="kw">unsafe fn </span>X509_REQ_get_subject_name(x: <span class="kw-2">*mut </span>ffi::X509_REQ) -&gt; <span class="kw-2">*mut </span>::ffi::X509_NAME {
(<span class="kw-2">*</span>(<span class="kw-2">*</span>x).req_info).subject
}
<span class="attribute">#[allow(bad_style)]
</span><span class="kw">unsafe fn </span>X509_ALGOR_get0(
paobj: <span class="kw-2">*mut *const </span>ffi::ASN1_OBJECT,
pptype: <span class="kw-2">*mut </span>c_int,
pval: <span class="kw-2">*mut *mut </span>::libc::c_void,
alg: <span class="kw-2">*const </span>ffi::X509_ALGOR,
) {
<span class="kw">if </span>!paobj.is_null() {
<span class="kw-2">*</span>paobj = (<span class="kw-2">*</span>alg).algorithm;
}
<span class="macro">assert!</span>(pptype.is_null());
<span class="macro">assert!</span>(pval.is_null());
}
}
}
<span class="macro">cfg_if! </span>{
<span class="kw">if </span><span class="attribute">#[cfg(any(ossl110, boringssl, libressl270))] </span>{
<span class="kw">use </span>ffi::X509_OBJECT_get0_X509;
} <span class="kw">else </span>{
<span class="attribute">#[allow(bad_style)]
</span><span class="kw">unsafe fn </span>X509_OBJECT_get0_X509(x: <span class="kw-2">*mut </span>ffi::X509_OBJECT) -&gt; <span class="kw-2">*mut </span>ffi::X509 {
<span class="kw">if </span>(<span class="kw-2">*</span>x).type_ == ffi::X509_LU_X509 {
(<span class="kw-2">*</span>x).data.x509
} <span class="kw">else </span>{
ptr::null_mut()
}
}
}
}
<span class="macro">cfg_if! </span>{
<span class="kw">if </span><span class="attribute">#[cfg(any(ossl110, libressl350))] </span>{
<span class="kw">use </span>ffi::X509_OBJECT_free;
} <span class="kw">else if </span><span class="attribute">#[cfg(boringssl)] </span>{
<span class="kw">use </span>ffi::X509_OBJECT_free_contents <span class="kw">as </span>X509_OBJECT_free;
} <span class="kw">else </span>{
<span class="attribute">#[allow(bad_style)]
</span><span class="kw">unsafe fn </span>X509_OBJECT_free(x: <span class="kw-2">*mut </span>ffi::X509_OBJECT) {
ffi::X509_OBJECT_free_contents(x);
ffi::CRYPTO_free(x <span class="kw">as </span><span class="kw-2">*mut </span>libc::c_void);
}
}
}
<span class="macro">cfg_if! </span>{
<span class="kw">if </span><span class="attribute">#[cfg(any(ossl110, libressl350, boringssl))] </span>{
<span class="kw">use </span>ffi::{
X509_CRL_get_issuer, X509_CRL_get0_nextUpdate, X509_CRL_get0_lastUpdate,
X509_CRL_get_REVOKED,
X509_REVOKED_get0_revocationDate, X509_REVOKED_get0_serialNumber,
};
} <span class="kw">else </span>{
<span class="attribute">#[allow(bad_style)]
</span><span class="kw">unsafe fn </span>X509_CRL_get0_lastUpdate(x: <span class="kw-2">*const </span>ffi::X509_CRL) -&gt; <span class="kw-2">*mut </span>ffi::ASN1_TIME {
(<span class="kw-2">*</span>(<span class="kw-2">*</span>x).crl).lastUpdate
}
<span class="attribute">#[allow(bad_style)]
</span><span class="kw">unsafe fn </span>X509_CRL_get0_nextUpdate(x: <span class="kw-2">*const </span>ffi::X509_CRL) -&gt; <span class="kw-2">*mut </span>ffi::ASN1_TIME {
(<span class="kw-2">*</span>(<span class="kw-2">*</span>x).crl).nextUpdate
}
<span class="attribute">#[allow(bad_style)]
</span><span class="kw">unsafe fn </span>X509_CRL_get_issuer(x: <span class="kw-2">*const </span>ffi::X509_CRL) -&gt; <span class="kw-2">*mut </span>ffi::X509_NAME {
(<span class="kw-2">*</span>(<span class="kw-2">*</span>x).crl).issuer
}
<span class="attribute">#[allow(bad_style)]
</span><span class="kw">unsafe fn </span>X509_CRL_get_REVOKED(x: <span class="kw-2">*const </span>ffi::X509_CRL) -&gt; <span class="kw-2">*mut </span>ffi::stack_st_X509_REVOKED {
(<span class="kw-2">*</span>(<span class="kw-2">*</span>x).crl).revoked
}
<span class="attribute">#[allow(bad_style)]
</span><span class="kw">unsafe fn </span>X509_REVOKED_get0_serialNumber(x: <span class="kw-2">*const </span>ffi::X509_REVOKED) -&gt; <span class="kw-2">*mut </span>ffi::ASN1_INTEGER {
(<span class="kw-2">*</span>x).serialNumber
}
<span class="attribute">#[allow(bad_style)]
</span><span class="kw">unsafe fn </span>X509_REVOKED_get0_revocationDate(x: <span class="kw-2">*const </span>ffi::X509_REVOKED) -&gt; <span class="kw-2">*mut </span>ffi::ASN1_TIME {
(<span class="kw-2">*</span>x).revocationDate
}
}
}
<span class="attribute">#[derive(Copy, Clone, PartialEq, Eq)]
</span><span class="kw">pub struct </span>X509PurposeId(c_int);
<span class="kw">impl </span>X509PurposeId {
<span class="kw">pub const </span>SSL_CLIENT: X509PurposeId = X509PurposeId(ffi::X509_PURPOSE_SSL_CLIENT);
<span class="kw">pub const </span>SSL_SERVER: X509PurposeId = X509PurposeId(ffi::X509_PURPOSE_SSL_SERVER);
<span class="kw">pub const </span>NS_SSL_SERVER: X509PurposeId = X509PurposeId(ffi::X509_PURPOSE_NS_SSL_SERVER);
<span class="kw">pub const </span>SMIME_SIGN: X509PurposeId = X509PurposeId(ffi::X509_PURPOSE_SMIME_SIGN);
<span class="kw">pub const </span>SMIME_ENCRYPT: X509PurposeId = X509PurposeId(ffi::X509_PURPOSE_SMIME_ENCRYPT);
<span class="kw">pub const </span>CRL_SIGN: X509PurposeId = X509PurposeId(ffi::X509_PURPOSE_CRL_SIGN);
<span class="kw">pub const </span>ANY: X509PurposeId = X509PurposeId(ffi::X509_PURPOSE_ANY);
<span class="kw">pub const </span>OCSP_HELPER: X509PurposeId = X509PurposeId(ffi::X509_PURPOSE_OCSP_HELPER);
<span class="kw">pub const </span>TIMESTAMP_SIGN: X509PurposeId = X509PurposeId(ffi::X509_PURPOSE_TIMESTAMP_SIGN);
<span class="doccomment">/// Constructs an `X509PurposeId` from a raw OpenSSL value.
</span><span class="kw">pub fn </span>from_raw(id: c_int) -&gt; <span class="self">Self </span>{
X509PurposeId(id)
}
<span class="doccomment">/// Returns the raw OpenSSL value represented by this type.
</span><span class="kw">pub fn </span>as_raw(<span class="kw-2">&amp;</span><span class="self">self</span>) -&gt; c_int {
<span class="self">self</span>.<span class="number">0
</span>}
}
<span class="doccomment">/// A reference to an [`X509_PURPOSE`].
</span><span class="kw">pub struct </span>X509PurposeRef(Opaque);
<span class="doccomment">/// Implements a wrapper type for the static `X509_PURPOSE` table in OpenSSL.
</span><span class="kw">impl </span>ForeignTypeRef <span class="kw">for </span>X509PurposeRef {
<span class="kw">type </span>CType = ffi::X509_PURPOSE;
}
<span class="kw">impl </span>X509PurposeRef {
<span class="doccomment">/// Get the internal table index of an X509_PURPOSE for a given short name. Valid short
/// names include
/// - &quot;sslclient&quot;,
/// - &quot;sslserver&quot;,
/// - &quot;nssslserver&quot;,
/// - &quot;smimesign&quot;,
/// - &quot;smimeencrypt&quot;,
/// - &quot;crlsign&quot;,
/// - &quot;any&quot;,
/// - &quot;ocsphelper&quot;,
/// - &quot;timestampsign&quot;
/// The index can be used with `X509PurposeRef::from_idx()` to get the purpose.
</span><span class="attribute">#[allow(clippy::unnecessary_cast)]
</span><span class="kw">pub fn </span>get_by_sname(sname: <span class="kw-2">&amp;</span>str) -&gt; <span class="prelude-ty">Result</span>&lt;c_int, ErrorStack&gt; {
<span class="kw">unsafe </span>{
<span class="kw">let </span>sname = CString::new(sname).unwrap();
<span class="macro">cfg_if! </span>{
<span class="kw">if </span><span class="attribute">#[cfg(any(ossl110, libressl280))] </span>{
<span class="kw">let </span>purpose = cvt_n(ffi::X509_PURPOSE_get_by_sname(sname.as_ptr() <span class="kw">as </span><span class="kw-2">*const </span><span class="kw">_</span>))<span class="question-mark">?</span>;
} <span class="kw">else </span>{
<span class="kw">let </span>purpose = cvt_n(ffi::X509_PURPOSE_get_by_sname(sname.as_ptr() <span class="kw">as </span><span class="kw-2">*mut </span><span class="kw">_</span>))<span class="question-mark">?</span>;
}
}
<span class="prelude-val">Ok</span>(purpose)
}
}
<span class="doccomment">/// Get an `X509PurposeRef` for a given index value. The index can be obtained from e.g.
/// `X509PurposeRef::get_by_sname()`.
</span><span class="attribute">#[corresponds(X509_PURPOSE_get0)]
</span><span class="kw">pub fn </span>from_idx(idx: c_int) -&gt; <span class="prelude-ty">Result</span>&lt;<span class="kw-2">&amp;</span><span class="lifetime">&#39;static </span>X509PurposeRef, ErrorStack&gt; {
<span class="kw">unsafe </span>{
<span class="kw">let </span>ptr = cvt_p(ffi::X509_PURPOSE_get0(idx))<span class="question-mark">?</span>;
<span class="prelude-val">Ok</span>(X509PurposeRef::from_ptr(ptr))
}
}
<span class="doccomment">/// Get the purpose value from an X509Purpose structure. This value is one of
/// - `X509_PURPOSE_SSL_CLIENT`
/// - `X509_PURPOSE_SSL_SERVER`
/// - `X509_PURPOSE_NS_SSL_SERVER`
/// - `X509_PURPOSE_SMIME_SIGN`
/// - `X509_PURPOSE_SMIME_ENCRYPT`
/// - `X509_PURPOSE_CRL_SIGN`
/// - `X509_PURPOSE_ANY`
/// - `X509_PURPOSE_OCSP_HELPER`
/// - `X509_PURPOSE_TIMESTAMP_SIGN`
</span><span class="kw">pub fn </span>purpose(<span class="kw-2">&amp;</span><span class="self">self</span>) -&gt; X509PurposeId {
<span class="kw">unsafe </span>{
<span class="kw">let </span>x509_purpose: <span class="kw-2">*mut </span>ffi::X509_PURPOSE = <span class="self">self</span>.as_ptr();
X509PurposeId::from_raw((<span class="kw-2">*</span>x509_purpose).purpose)
}
}
}
</code></pre></div>
</section></div></main><div id="rustdoc-vars" data-root-path="../../../" data-current-crate="openssl" data-themes="ayu,dark,light" data-resource-suffix="" data-rustdoc-version="1.66.0-nightly (5c8bff74b 2022-10-21)" ></div></body></html>