compatibility with x509 0.9.0

albatross.opam

@@ -20,7 +20,7 @@ depends: [
   "fmt"
   "astring"
   "jsonm"
-  "x509" {>= "0.8.0"}
+  "x509" {>= "0.9.0"}
   "tls" {>= "0.9.0"}
   "nocrypto"
   "asn1-combinators" {>= "0.2.0"}

client/albatross_client_bistro.ml

@@ -63,15 +63,15 @@ let handle (host, port) cert key ca id (cmd : Vmm_commands.t) =
       let extensions = Signing_request.Ext.(singleton Extensions extensions) in
       Signing_request.create name ~extensions (`RSA tmpkey)
     in
-    let mycert =
     let valid_from, valid_until = timestamps 300 in
     let extensions =
       let capub = match key with `RSA key -> Nocrypto.Rsa.pub_of_priv key in
       key_ids extensions Signing_request.((info csr).public_key) (`RSA capub)
     in
     let issuer = Certificate.subject cert in
-      Signing_request.sign csr ~valid_from ~valid_until ~extensions key issuer
+    match Signing_request.sign csr ~valid_from ~valid_until ~extensions key issuer with
-    in
+    | Error _ as e -> Lwt.return e
+    | Ok mycert ->
       let certificates = `Single ([ mycert ; cert ], tmpkey) in
       X509_lwt.authenticator (`Ca_file ca) >>= fun authenticator ->
       Lwt_unix.gethostbyname host >>= fun host_entry ->

provision/albatross_provision.ml

@@ -52,7 +52,7 @@ let sign ?dbname ?certname extensions issuer key csr delta =
         let capub = `RSA (Nocrypto.Rsa.pub_of_priv priv) in
         key_ids extensions X509.Signing_request.((info csr).public_key) capub
   in
-  let cert = X509.Signing_request.sign csr ~valid_from ~valid_until ~extensions key issuer in
+  X509.Signing_request.sign csr ~valid_from ~valid_until ~extensions key issuer >>= fun cert ->
   (match dbname with
    | None -> Ok () (* no DB! *)
    | Some dbname ->