From ac8d250d3abed51de4c34800ac9395cafa911859 Mon Sep 17 00:00:00 2001 From: Yi LIU Date: Mon, 23 Feb 2026 09:16:20 +0800 Subject: [PATCH 1/3] fix: remove dead take() call and unused import in extension parser Remove `rem.take(rem.input_len())` which was a no-op that consumed the remainder but discarded the result. Also remove the now-unused `Input as _` import from nom. --- src/extensions/mod.rs | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/src/extensions/mod.rs b/src/extensions/mod.rs index ff730c4..a57ff56 100644 --- a/src/extensions/mod.rs +++ b/src/extensions/mod.rs @@ -9,7 +9,7 @@ use asn1_rs::{ }; use nom::combinator::{all_consuming, complete, map}; use nom::multi::many0; -use nom::{Err, IResult, Input as _, Mode, Parser}; +use nom::{Err, IResult, Mode, Parser}; use oid_registry::*; use std::collections::HashMap; @@ -229,7 +229,6 @@ impl<'i> Parser> for X509ExtensionParser { let parsed_extension = if self.deep_parse_extensions { parser::parse_extension(value.clone(), &oid, critical) } else { - rem.take(rem.input_len()); ParsedExtension::Unparsed }; From e28fda33ea07e67d8e971106e5ec4d5f4edfa3a6 Mon Sep 17 00:00:00 2001 From: Yi LIU Date: Mon, 23 Feb 2026 09:17:01 +0800 Subject: [PATCH 2/3] fix: use take_from() for remainder in ns_comment parser Change `input.take(input.input_len())` to `input.take_from(input.input_len())` so that the returned remainder is empty as intended. `take()` returns the first N bytes while `take_from()` returns bytes after position N. --- src/extensions/ns_comment.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/extensions/ns_comment.rs b/src/extensions/ns_comment.rs index 0aaa6d4..76978de 100644 --- a/src/extensions/ns_comment.rs +++ b/src/extensions/ns_comment.rs @@ -17,7 +17,7 @@ pub fn parse_der_nscomment(input: Input<'_>) -> IResult, &str, X509Err // Some implementations encode the comment directly, without // wrapping it in an IA5String if let Ok(s) = std::str::from_utf8(input.as_bytes2()) { - Ok((input.take(input.input_len()), s)) + Ok((input.take_from(input.input_len()), s)) } else { Err(Err::Error(X509Error::DerParser( InnerError::StringInvalidCharset, From 8c34e258d404eb072e375ab2f0121b2c9d5e8c70 Mon Sep 17 00:00:00 2001 From: Yi LIU Date: Mon, 23 Feb 2026 09:18:07 +0800 Subject: [PATCH 3/3] fix: correct doc comments referencing CRL instead of CSR in certification_request The doc comments on `attributes()`, `iter_attributes()`, `find_attribute()`, and `attributes_map()` incorrectly said "CRL entry extensions" when they should say "CSR attributes". --- src/certification_request.rs | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/certification_request.rs b/src/certification_request.rs index f1a3e3d..4829bf5 100644 --- a/src/certification_request.rs +++ b/src/certification_request.rs @@ -192,26 +192,26 @@ pub struct X509CertificationRequestInfo<'a> { } impl X509CertificationRequestInfo<'_> { - /// Get the CRL entry extensions. + /// Get the CSR attributes. #[inline] pub fn attributes(&self) -> &[X509CriAttribute<'_>] { &self.attributes } - /// Returns an iterator over the CRL entry extensions + /// Returns an iterator over the CSR attributes #[inline] pub fn iter_attributes(&self) -> impl Iterator> { self.attributes.iter() } - /// Searches for a CRL entry extension with the given `Oid`. + /// Searches for a CSR attribute with the given `Oid`. /// /// Note: if there are several extensions with the same `Oid`, the first one is returned. pub fn find_attribute(&self, oid: &Oid) -> Option<&X509CriAttribute<'_>> { self.attributes.iter().find(|&ext| ext.oid == *oid) } - /// Builds and returns a map of CRL entry extensions. + /// Builds and returns a map of CSR attributes. /// /// If an extension is present twice, this will fail and return `DuplicateExtensions`. pub fn attributes_map(&self) -> Result, &X509CriAttribute<'_>>, X509Error> {