Collaborator

@reneme reneme commented Jan 9, 2026

This adds botan_x509_crl_get_entries that allows listing individual CRL entries along with the affected certificate serial, the revocation time and reason.

The serial number is retrieved as a big-endian binary encoding into a user-provided buffer. Using the view-callback style doesn't strike me as feasible or ergonomic for this. One would either have to introduce an additional function just for the serial or mix out-params with view invocation in a single function call.

coveralls commented Jan 9, 2026

Coverage Status

coverage: 90.425% (+0.005%) from 90.42%
when pulling bdcfce9 on Rohde-Schwarz:feature/ffi_list_crl_entries
into 9c30aa1 on randombit:master.

@reneme reneme force-pushed the feature/ffi_list_crl_entries branch from 54f1b75 to b3ac052 Compare January 9, 2026 10:31
Owner

@randombit randombit left a comment

lgtm

I don't particularly like the API but the alternatives I can come up with are more work on our end for little to no benefit for end users so (shrug)

@reneme reneme force-pushed the feature/ffi_list_crl_entries branch from b3ac052 to 14b1e00 Compare January 9, 2026 14:34
@reneme reneme requested a review from Copilot January 9, 2026 14:34

This comment was marked as resolved.

@reneme reneme requested a review from randombit January 9, 2026 15:33
Comment on lines +2280 to +2289
/**
* View the serial number associated with the given CRL @p entry.
*/
BOTAN_FFI_EXPORT(3, 11)
int botan_x509_crl_entry_view_serial_number(botan_x509_crl_entry_t entry, botan_view_ctx ctx, botan_view_bin_fn view);
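Review bot: The doc comment above botan_x509_crl_entry_view_serial_number does not say in what encoding the serial bytes are handed to the view callback. The PR description speaks of a big-endian binary encoding, so stating the byte order here would keep callers from guessing when they compare the bytes against a certificate serial. It would also help to name the error codes a caller should expect, since the visible comment lists none.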
Collaborator Author

@reneme reneme Jan 11, 2026

Using the same argument as in #5221 regarding OIDs and also this explicit remark by @arckoor, we should consider adding an "overload" to export the CRL entry serial as a botan_mp_t object. I.e. provide botan_x509_crl_entry_serial_number(..., botan_mp_t* serial) along with this byte-oriented view function.

Contributor

There may be an argument for also adding an MPI view function for the existing X509 cert serial

Collaborator Author

I'll combine those in a follow-up PR after merging the current stack of changes.

This error may be returned when a user requests an enumerable value at
an index that is out of range of the available values.
@reneme reneme force-pushed the feature/ffi_list_crl_entries branch from 14b1e00 to bdcfce9 Compare January 11, 2026 15:57
@reneme reneme merged commit a4496f4 into randombit:master Jan 11, 2026
45 checks passed
@reneme reneme deleted the feature/ffi_list_crl_entries branch January 11, 2026 16:40
* the CRL entry list.
*/
BOTAN_FFI_EXPORT(3, 11)
int botan_x509_crl_entries(botan_x509_crl_t crl, size_t index, botan_x509_crl_entry_t* entry);
Contributor

Small nit: botan-rs has this neat macro, to simplify calling methods that write to a new object. It expects that new object to be the first parameter though. (used e.g. like so)

Collaborator Author

Discussion in #5230 (comment)
