Cypherpunks.ru repositories - gogost.git/commitdiff
No need in digitalSignature KeyUsage for CA certificate
authorSergey Matveev <stargrave@stargrave.org>
Mon, 20 Mar 2023 08:29:50 +0000 (11:29 +0300)
committerSergey Matveev <stargrave@stargrave.org>
Mon, 20 Mar 2023 08:29:50 +0000 (11:29 +0300)
cmd/cer-selfsigned-example/main.go

index 942de48c484bea51c889d069497fb290074bdb8c..8b79359f2a63a7426ce3f67aed5c2da7218c26c9 100644 (file)
@@ -191,7 +191,6 @@ func main() {
        spki = spki[:20]
 
        cerTmpl := x509.Certificate{
-               KeyUsage:           x509.KeyUsageDigitalSignature,
                NotBefore:          notBefore,
                NotAfter:           notAfter,
                SerialNumber:       sn,
@@ -202,9 +201,10 @@ func main() {
        if *ca {
                cerTmpl.BasicConstraintsValid = true
                cerTmpl.IsCA = true
-               cerTmpl.KeyUsage |= x509.KeyUsageCertSign
+               cerTmpl.KeyUsage = x509.KeyUsageCertSign
        } else {
                cerTmpl.DNSNames = []string{*cn}
+               cerTmpl.KeyUsage = x509.KeyUsageDigitalSignature
        }
 
        if caCer == nil {
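Review bot: In the `if *ca` branch the template now asserts only `x509.KeyUsageCertSign`, so validators that enforce keyUsage will reject CRLs signed by such a CA. If certificates made with the `ca` flag are meant to publish revocation data, the line should read `cerTmpl.KeyUsage = x509.KeyUsageCertSign | x509.KeyUsageCRLSign`. If they are not, a short comment such as `// CA key is limited to signing certificates; no cRLSign, no digitalSignature` would record that the restriction is deliberate. The hunk also shows no path-length constraint on the CA template. If only leaf issuance is intended, setting `cerTmpl.MaxPathLenZero = true` would stop the CA from chaining further sub-CAs, assuming this x509 package keeps the standard library's field names. `main` starts and ends outside the hunk, so the rest of the template is not visible here.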