Should key usages be tracked as a `HashSet` instead?
djc opened this issue · comments
In #264 code is pretty ugly because we're keeping track of whether an EKU already exists in the Vec
that we hold. Should CertificateParams::key_usages
and extended_key_usages
be HashSet
instead?
- Does the order matter?
- Is there a valid use case for having the same usage twice?
(I guess it could even be more like a bitset similar to what x509-parser apparently does.)
Does the order matter
personally I'd like to keep rcgen as deterministic as possible, so IMO it would be good to have a consistent order.
edit: with that I mean to not introduce nondeterminism where there hasn't been such before.
We could order the key usages when we're writing out DER -- that would still generate a potentially different order than was retrieved from a parsed certificate but would at least be consistent/deterministic?