
Should key usages be tracked as a `HashSet` instead?

Open djc opened this issue 1 year ago • 2 comments

In #264 code is pretty ugly because we're keeping track of whether an EKU already exists in the `Vec` that we hold. Should `CertificateParams::key_usages` and `extended_key_usages` be `HashSet` instead?

  • Does the order matter?
  • Is there a valid use case for having the same usage twice?

(I guess it could even be more like a bitset similar to what x509-parser apparently does.)

djc avatar Apr 08 '24 08:04 djc

> Does the order matter

Personally I'd like to keep rcgen as deterministic as possible, so IMO it would be good to have a consistent order.

edit: with that I mean to not introduce nondeterminism where there hasn't been such before.

est31 avatar Apr 08 '24 21:04 est31

We could order the key usages when we're writing out DER -- that would still generate a potentially different order than was retrieved from a parsed certificate but would at least be consistent/deterministic?

djc avatar Apr 09 '24 07:04 djc
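
The bitset idea from the opening post, sketched as an added example that is not part of the thread or of rcgen's code: key usages held as bits encode to the same DER BIT STRING whatever the insertion order, and duplicates collapse. The `KeyUsage` and `KeyUsages` types and the `from_list` helper are hypothetical names; the bit positions are those of RFC 5280.

```rust
// Hypothetical types, not rcgen's API; bit positions per RFC 5280, section 4.2.1.3.
#[allow(dead_code)]
#[derive(Clone, Copy)]
enum KeyUsage {
    DigitalSignature = 0,
    NonRepudiation = 1,
    KeyEncipherment = 2,
    DataEncipherment = 3,
    KeyAgreement = 4,
    KeyCertSign = 5,
    CrlSign = 6,
    EncipherOnly = 7,
    DecipherOnly = 8,
}

#[derive(Clone, Copy, Default, PartialEq, Eq, Debug)]
struct KeyUsages(u16); // named bit 0 is the most significant bit, as in DER

impl KeyUsages {
    // Setting a bit twice is a no-op, so a usage cannot appear twice.
    fn insert(&mut self, u: KeyUsage) {
        self.0 |= 0x8000 >> (u as u16);
    }

    // DER BIT STRING: tag 0x03, length, unused-bit count, content octets.
    // DER drops trailing zero bits of a named bit list, so the output is canonical.
    fn to_der(self) -> Vec<u8> {
        if self.0 == 0 {
            return vec![0x03, 0x01, 0x00];
        }
        let bits = 16 - self.0.trailing_zeros() as usize; // up to the last set bit
        let octets = (bits + 7) / 8;
        let unused = (octets * 8 - bits) as u8;
        let mut out = vec![0x03, (octets + 1) as u8, unused];
        out.extend_from_slice(&self.0.to_be_bytes()[..octets]);
        out
    }
}

fn from_list(list: &[KeyUsage]) -> KeyUsages {
    let mut set = KeyUsages::default();
    list.iter().for_each(|&u| set.insert(u));
    set
}

fn main() {
    use KeyUsage::*;
    println!("{:02x?}", from_list(&[KeyCertSign, CrlSign, DigitalSignature, CrlSign]).to_der());
}
```

This covers `key_usages` only: extended key usages are encoded as a SEQUENCE of OIDs rather than a bit string, so the equivalent there would be a sorted set of OIDs.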