No need in digitalSignature KeyUsage for CA certificate
[gogost.git] / cmd / cer-selfsigned-example / main.go
index f859f8d60b2f05472712c51394689345620c6102..8b79359f2a63a7426ce3f67aed5c2da7218c26c9 100644 (file)
@@ -191,7 +191,6 @@ func main() {
        spki = spki[:20]
 
        cerTmpl := x509.Certificate{
-               KeyUsage:           x509.KeyUsageDigitalSignature,
                NotBefore:          notBefore,
                NotAfter:           notAfter,
                SerialNumber:       sn,
@@ -200,10 +199,12 @@ func main() {
                SubjectKeyId:       spki,
        }
        if *ca {
+               cerTmpl.BasicConstraintsValid = true
                cerTmpl.IsCA = true
-               cerTmpl.KeyUsage |= x509.KeyUsageCertSign
+               cerTmpl.KeyUsage = x509.KeyUsageCertSign
        } else {
                cerTmpl.DNSNames = []string{*cn}
+               cerTmpl.KeyUsage = x509.KeyUsageDigitalSignature
        }
 
        if caCer == nil {
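Review bot: In the `*ca` branch the template now carries only `x509.KeyUsageCertSign`, so a CRL signed with this CA key would be rejected by validators that enforce the cRLSign bit. If the example CA is ever meant to publish revocation data, use `cerTmpl.KeyUsage = x509.KeyUsageCertSign | x509.KeyUsageCRLSign`. The same branch sets `BasicConstraintsValid` and `IsCA` without a path length, which, assuming this `x509` package follows crypto/x509 semantics, leaves the CA free to issue subordinate CAs; `cerTmpl.MaxPathLenZero = true` would restrict it to signing end-entity certificates if that is the intent. A short comment above the `if`, such as `// CA key only signs certificates; end-entity key only makes digital signatures`, would record why the usages are split. main's body starts and ends outside this hunk.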