adapt to x509 0.11.0 API changes

albatross.opam

@@ -20,7 +20,7 @@ depends: [
   "fmt"
   "astring"
   "jsonm"
-  "x509" {>= "0.10.0"}
+  "x509" {>= "0.11.0"}
   "tls" {>= "0.11.0"}
   "mirage-crypto-pk"
   "mirage-crypto-rng"

client/albatross_client_bistro.ml

@@ -69,7 +69,10 @@ let handle (host, port) cert key ca id (cmd : Vmm_commands.t) =
       key_ids extensions Signing_request.((info csr).public_key) (`RSA capub)
     in
     let issuer = Certificate.subject cert in
-    match Signing_request.sign csr ~valid_from ~valid_until ~extensions key issuer with
+    match
+      Rresult.R.error_to_msg ~pp_error:X509.Validation.pp_signature_error
+        (Signing_request.sign csr ~valid_from ~valid_until ~extensions key issuer)
+    with
     | Error _ as e -> Lwt.return e
     | Ok mycert ->
       let certificates = `Single ([ mycert ; cert ], tmpkey) in

provision/albatross_provision.ml

@@ -52,7 +52,8 @@ let sign ?dbname ?certname extensions issuer key csr delta =
         let capub = `RSA (Mirage_crypto_pk.Rsa.pub_of_priv priv) in
         key_ids extensions X509.Signing_request.((info csr).public_key) capub
   in
-  X509.Signing_request.sign csr ~valid_from ~valid_until ~extensions key issuer >>= fun cert ->
+  Rresult.R.error_to_msg ~pp_error:X509.Validation.pp_signature_error
+    (X509.Signing_request.sign csr ~valid_from ~valid_until ~extensions key issuer) >>= fun cert ->
   (match dbname with
    | None -> Ok () (* no DB! *)
    | Some dbname ->