blob: 244e775e8a970ec06b8b405d4f477442a78cdb5a [file] [log] [blame]
diff --git a/src/x509/mod.rs b/src/x509/mod.rs
index edd54aa..45f2467 100644
--- a/src/x509/mod.rs
+++ b/src/x509/mod.rs
@@ -353,6 +353,19 @@ impl X509Builder {
unsafe { cvt(ffi::X509_sign(self.0.as_ptr(), key.as_ptr(), hash.as_ptr())).map(|_| ()) }
}
+ /// Signs the certificate with a private key but without a digest.
+ ///
+ /// This is the only way to sign with Ed25519 keys as BoringSSL doesn't support the null
+ /// message digest.
+ #[cfg(boringssl)]
+ #[corresponds(X509_sign)]
+ pub fn sign_without_digest<T>(&mut self, key: &PKeyRef<T>) -> Result<(), ErrorStack>
+ where
+ T: HasPrivate,
+ {
+ unsafe { cvt(ffi::X509_sign(self.0.as_ptr(), key.as_ptr(), ptr::null())).map(|_| ()) }
+ }
+
/// Consumes the builder, returning the certificate.
pub fn build(self) -> X509 {
self.0
@@ -1260,6 +1273,29 @@ impl X509ReqBuilder {
}
}
+ /// Sign the request using a private key without a digest.
+ ///
+ /// This is the only way to sign with Ed25519 keys as BoringSSL doesn't support the null
+ /// message digest.
+ ///
+ /// This corresponds to [`X509_REQ_sign`].
+ ///
+ /// [`X509_REQ_sign`]: https://www.openssl.org/docs/man1.1.0/crypto/X509_REQ_sign.html
+ #[cfg(boringssl)]
+ pub fn sign_without_digest<T>(&mut self, key: &PKeyRef<T>) -> Result<(), ErrorStack>
+ where
+ T: HasPrivate,
+ {
+ unsafe {
+ cvt(ffi::X509_REQ_sign(
+ self.0.as_ptr(),
+ key.as_ptr(),
+ ptr::null(),
+ ))
+ .map(|_| ())
+ }
+ }
+
/// Returns the `X509Req`.
pub fn build(self) -> X509Req {
self.0