From a6318ff9a257c8481cb2d459a9b13222ca4b2e99 Mon Sep 17 00:00:00 2001
From: beltram
Date: Fri, 13 Oct 2023 11:11:23 +0200
Subject: [PATCH] wip

---
 openmls/src/credentials/certificate.rs | 16 ++++++++--------
 x509_credential/src/lib.rs | 15 ++++++++-------
 2 files changed, 16 insertions(+), 15 deletions(-)

diff --git a/openmls/src/credentials/certificate.rs b/openmls/src/credentials/certificate.rs
index 480563cd3a..de89ad8c42 100644
--- a/openmls/src/credentials/certificate.rs
+++ b/openmls/src/credentials/certificate.rs
@@ -1,6 +1,5 @@
 use std::io::{Read, Write};
 
-use rustls_platform_verifier::CertificateDer;
 use serde::{Deserialize, Serialize};
 use tls_codec::VLBytes;
 use x509_cert::der::Decode;
@@ -64,22 +63,20 @@ impl Certificate {
 })
 }
 
- fn get_end_entity(&self) -> Result {
+ fn get_end_entity(&self) -> Result<&[u8], CredentialError> {
 self.certificates
 .first()
 .map(VLBytes::as_slice)
- .map(CertificateDer::from)
 .ok_or(CredentialError::InvalidCertificateChain)
 }
 
- fn get_intermediates(&self) -> Result, CredentialError> {
+ fn get_intermediates(&self) -> Result, CredentialError> {
 if self.certificates.len() < 2 {
 return Err(CredentialError::InvalidCertificateChain);
 }
 let intermediates = self.certificates.as_slice()[1..]
 .iter()
 .map(VLBytes::as_slice)
- .map(CertificateDer::from)
 .collect::>();
 Ok(intermediates)
 }
@@ -87,12 +84,15 @@ impl Certificate {
 
 pub fn verify(&self) -> Result<(), CredentialError> {
 let verifier = rustls_platform_verifier::WireClientVerifier::new();
- let now = rustls_platform_verifier::UnixTime::now();
 let end_entity = self.get_end_entity()?;
 let intermediates = self.get_intermediates()?;
 
- use rustls_platform_verifier::ClientCertVerifier as _;
- verifier.verify_client_cert(&end_entity, &intermediates[..], now)?;
+ use rustls_platform_verifier::WireVerifier as _;
+ verifier.verify_client_cert(
+ &end_entity,
+ &intermediates[..],
+ rustls_platform_verifier::VerifyOptions::default(),
+ )?;
 Ok(())
 }
 
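Review bot: In `verify`, replacing the explicit `UnixTime::now()` argument with `rustls_platform_verifier::VerifyOptions::default()` makes the reference time for the validity-period check implicit, and nothing in the hunk shows what the default options actually enforce; whether expiry is still evaluated against the current time (and whether it can be pinned for deterministic tests) should be confirmed against the `WireVerifier` implementation and recorded next to the call, e.g. `// VerifyOptions::default() is expected to check notBefore/notAfter against the current time — confirm`. The same end-entity/intermediates split followed by `verify_client_cert` now appears almost verbatim in `x509_credential/src/lib.rs`; a single shared helper would keep the two verification paths from drifting as the verifier API keeps changing. The unchanged `get_intermediates` still returns `InvalidCertificateChain` for fewer than two certificates, so an end-entity certificate issued directly by a trust anchor cannot pass `verify` — if that is intentional it deserves a comment, otherwise the minimum should be one. The commit message `wip` should also say what the migration from `ClientCertVerifier` to `WireVerifier` changes for callers.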
diff --git a/x509_credential/src/lib.rs b/x509_credential/src/lib.rs
index 930c8755ab..168bcc869c 100644
--- a/x509_credential/src/lib.rs
+++ b/x509_credential/src/lib.rs
@@ -4,7 +4,6 @@
 
 use base64::Engine;
 use openmls_basic_credential::SignatureKeyPair;
-use rustls_platform_verifier::CertificateDer;
 use x509_cert::der::Decode;
 
 use openmls_traits::{
@@ -27,19 +26,21 @@ impl CertificateKeyPair {
 
 let end_entity = cert_chain
 .get(0)
- .map(|c| CertificateDer::from(c.as_slice()))
+ .map(|c| c.as_slice())
 .ok_or(CryptoError::IncompleteCertificateChain)?;
 let intermediates = cert_chain.as_slice()[1..]
 .into_iter()
- .map(|c| CertificateDer::from(c.as_slice()))
+ .map(|c| c.as_slice())
 .collect::>();
 
- let now = rustls_platform_verifier::UnixTime::now();
-
- use rustls_platform_verifier::ClientCertVerifier as _;
+ use rustls_platform_verifier::WireVerifier as _;
 verifier
- .verify_client_cert(&end_entity, &intermediates[..], now)
+ .verify_client_cert(
+ &end_entity,
+ &intermediates[..],
+ rustls_platform_verifier::VerifyOptions::default(),
+ )
 .map_err(|_| CryptoError::InvalidCertificateChain)?;
 
 // We use x509_cert crate here because it is better at introspecting certs compared rustls which