Commit ccd9d9d4 authored by Filippo Valsorda's avatar Filippo Valsorda

crypto/x509: improve CertificateRequest docs

Change-Id: If3bab2dd5278ebc621235164e9d6ff710ba326ee
Reviewed-on: https://go-review.googlesource.com/c/160898Reviewed-by: default avatarAdam Langley <agl@golang.org>
parent 10faf001
...@@ -2272,21 +2272,25 @@ type CertificateRequest struct { ...@@ -2272,21 +2272,25 @@ type CertificateRequest struct {
Subject pkix.Name Subject pkix.Name
// Attributes is the dried husk of a bug and shouldn't be used. // Attributes contains the CSR attributes that can parse as
// pkix.AttributeTypeAndValueSET.
//
// Deprecated: use Extensions and ExtraExtensions instead for parsing and
// generating the requestedExtensions attribute.
Attributes []pkix.AttributeTypeAndValueSET Attributes []pkix.AttributeTypeAndValueSET
// Extensions contains raw X.509 extensions. When parsing CSRs, this // Extensions contains all requested extensions, in raw form. When parsing
// can be used to extract extensions that are not parsed by this // CSRs, this can be used to extract extensions that are not parsed by this
// package. // package.
Extensions []pkix.Extension Extensions []pkix.Extension
// ExtraExtensions contains extensions to be copied, raw, into any // ExtraExtensions contains extensions to be copied, raw, into any CSR
// marshaled CSR. Values override any extensions that would otherwise // marshaled by CreateCertificateRequest. Values override any extensions
// be produced based on the other fields but are overridden by any // that would otherwise be produced based on the other fields but are
// extensions specified in Attributes. // overridden by any extensions specified in Attributes.
// //
// The ExtraExtensions field is not populated when parsing CSRs, see // The ExtraExtensions field is not populated by ParseCertificateRequest,
// Extensions. // see Extensions instead.
ExtraExtensions []pkix.Extension ExtraExtensions []pkix.Extension
// Subject Alternate Name values. // Subject Alternate Name values.
...@@ -2385,21 +2389,21 @@ func parseCSRExtensions(rawAttributes []asn1.RawValue) ([]pkix.Extension, error) ...@@ -2385,21 +2389,21 @@ func parseCSRExtensions(rawAttributes []asn1.RawValue) ([]pkix.Extension, error)
// CreateCertificateRequest creates a new certificate request based on a // CreateCertificateRequest creates a new certificate request based on a
// template. The following members of template are used: // template. The following members of template are used:
// //
// - Attributes // - SignatureAlgorithm
// - Subject
// - DNSNames // - DNSNames
// - EmailAddresses // - EmailAddresses
// - ExtraExtensions
// - IPAddresses // - IPAddresses
// - URIs // - URIs
// - SignatureAlgorithm // - ExtraExtensions
// - Subject // - Attributes (deprecated)
// //
// The private key is the private key of the signer. // priv is the private key to sign the CSR with, and the corresponding public
// key will be included in the CSR. It must implement crypto.Signer and its
// Public() method must return a *rsa.PublicKey or a *ecdsa.PublicKey. (A
// *rsa.PrivateKey or *ecdsa.PrivateKey satisfies this.)
// //
// The returned slice is the certificate request in DER encoding. // The returned slice is the certificate request in DER encoding.
//
// All keys types that are implemented via crypto.Signer are supported (This
// includes *rsa.PublicKey and *ecdsa.PublicKey.)
func CreateCertificateRequest(rand io.Reader, template *CertificateRequest, priv interface{}) (csr []byte, err error) { func CreateCertificateRequest(rand io.Reader, template *CertificateRequest, priv interface{}) (csr []byte, err error) {
key, ok := priv.(crypto.Signer) key, ok := priv.(crypto.Signer)
if !ok { if !ok {
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment