| diff --git a/src/x509/mod.rs b/src/x509/mod.rs |
| index edd54aa..45f2467 100644 |
| --- a/src/x509/mod.rs |
| +++ b/src/x509/mod.rs |
| @@ -353,6 +353,19 @@ impl X509Builder { |
| unsafe { cvt(ffi::X509_sign(self.0.as_ptr(), key.as_ptr(), hash.as_ptr())).map(|_| ()) } |
| } |
| |
| + /// Signs the certificate with a private key but without a digest. |
| + /// |
| + /// This is the only way to sign with Ed25519 keys as BoringSSL doesn't support the null |
| + /// message digest. |
| + #[cfg(boringssl)] |
| + #[corresponds(X509_sign)] |
| + pub fn sign_without_digest<T>(&mut self, key: &PKeyRef<T>) -> Result<(), ErrorStack> |
| + where |
| + T: HasPrivate, |
| + { |
| + unsafe { cvt(ffi::X509_sign(self.0.as_ptr(), key.as_ptr(), ptr::null())).map(|_| ()) } |
| + } |
| + |
| /// Consumes the builder, returning the certificate. |
| pub fn build(self) -> X509 { |
| self.0 |
| @@ -1260,6 +1273,29 @@ impl X509ReqBuilder { |
| } |
| } |
| |
| + /// Sign the request using a private key without a digest. |
| + /// |
| + /// This is the only way to sign with Ed25519 keys as BoringSSL doesn't support the null |
| + /// message digest. |
| + /// |
| + /// This corresponds to [`X509_REQ_sign`]. |
| + /// |
| + /// [`X509_REQ_sign`]: https://www.openssl.org/docs/man1.1.0/crypto/X509_REQ_sign.html |
| + #[cfg(boringssl)] |
| + pub fn sign_without_digest<T>(&mut self, key: &PKeyRef<T>) -> Result<(), ErrorStack> |
| + where |
| + T: HasPrivate, |
| + { |
| + unsafe { |
| + cvt(ffi::X509_REQ_sign( |
| + self.0.as_ptr(), |
| + key.as_ptr(), |
| + ptr::null(), |
| + )) |
| + .map(|_| ()) |
| + } |
| + } |
| + |
| /// Returns the `X509Req`. |
| pub fn build(self) -> X509Req { |
| self.0 |