1diff --git a/src/x509/mod.rs b/src/x509/mod.rs 2index edd54aa..45f2467 100644 3--- a/src/x509/mod.rs 4+++ b/src/x509/mod.rs 5@@ -353,6 +353,19 @@ impl X509Builder { 6 unsafe { cvt(ffi::X509_sign(self.0.as_ptr(), key.as_ptr(), hash.as_ptr())).map(|_| ()) } 7 } 8 9+ /// Signs the certificate with a private key but without a digest. 10+ /// 11+ /// This is the only way to sign with Ed25519 keys as BoringSSL doesn't support the null 12+ /// message digest. 13+ #[cfg(boringssl)] 14+ #[corresponds(X509_sign)] 15+ pub fn sign_without_digest<T>(&mut self, key: &PKeyRef<T>) -> Result<(), ErrorStack> 16+ where 17+ T: HasPrivate, 18+ { 19+ unsafe { cvt(ffi::X509_sign(self.0.as_ptr(), key.as_ptr(), ptr::null())).map(|_| ()) } 20+ } 21+ 22 /// Consumes the builder, returning the certificate. 23 pub fn build(self) -> X509 { 24 self.0 25@@ -1260,6 +1273,29 @@ impl X509ReqBuilder { 26 } 27 } 28 29+ /// Sign the request using a private key without a digest. 30+ /// 31+ /// This is the only way to sign with Ed25519 keys as BoringSSL doesn't support the null 32+ /// message digest. 33+ /// 34+ /// This corresponds to [`X509_REQ_sign`]. 35+ /// 36+ /// [`X509_REQ_sign`]: https://www.openssl.org/docs/man1.1.0/crypto/X509_REQ_sign.html 37+ #[cfg(boringssl)] 38+ pub fn sign_without_digest<T>(&mut self, key: &PKeyRef<T>) -> Result<(), ErrorStack> 39+ where 40+ T: HasPrivate, 41+ { 42+ unsafe { 43+ cvt(ffi::X509_REQ_sign( 44+ self.0.as_ptr(), 45+ key.as_ptr(), 46+ ptr::null(), 47+ )) 48+ .map(|_| ()) 49+ } 50+ } 51+ 52 /// Returns the `X509Req`. 53 pub fn build(self) -> X509Req { 54 self.0 55