]> Cypherpunks.ru repositories - pygost.git/commitdiff
projects / pygost.git / commitdiff
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: ce954e1)
CA-related extensions should be critical
authorSergey Matveev <stargrave@stargrave.org>
Wed, 6 Oct 2021 10:33:00 +0000 (13:33 +0300)
committerSergey Matveev <stargrave@stargrave.org>
Wed, 6 Oct 2021 10:33:00 +0000 (13:33 +0300)
pygost/asn1schemas/cert-selfsigned-example.py patch | blob | history

diff --git a/pygost/asn1schemas/cert-selfsigned-example.py b/pygost/asn1schemas/cert-selfsigned-example.py
index df832ba4fe07fd408d47dde12584efeb00d68340..edce6969a92feef39d3d629fc575f26d40c64efa 100755 (executable)
--- a/pygost/asn1schemas/cert-selfsigned-example.py
+++ b/pygost/asn1schemas/cert-selfsigned-example.py
@@ -237,10 +237,14 @@ exts = [
 if args.ca:
     exts.append(Extension((
         ("extnID", id_ce_basicConstraints),
-        ("extnValue", OctetString(BasicConstraints((("cA", Boolean(True)),)).encode())),
+        ("critical", Boolean(True)),
+        ("extnValue", OctetString(BasicConstraints((
+            ("cA", Boolean(True)),
+        )).encode())),
     )))
     exts.append(Extension((
         ("extnID", id_ce_keyUsage),
+        ("critical", Boolean(True)),
         ("extnValue", OctetString(KeyUsage(("keyCertSign",)).encode())),
     )))
 if ca_ai is not None:
Pure Python GOST cryptographic functions library