Skip to content

Commit

Permalink
ssntp/certs: Set signing usage when creating anchor cert
Browse files Browse the repository at this point in the history 
Since e71a8d6 every cert is not
labelled as a signing certificate. Rather than have every requestor of
an anchor certificate set this bit instead make the
certs.CreateAnchorCert() set this bit.

Signed-off-by: Rob Bradford <[email protected]>
  • Loading branch information
@rbradford
rbradford committed Aug 9, 2017
1 parent 81b734b commit 40e3e6d
Show file tree
Hide file tree
Showing 2 changed files with 1 addition and 1 deletion.
1 change: 0 additions & 1 deletion ciao-cert/main.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -112,7 +112,6 @@ func createCertificates(role ssntp.Role) {
CAcertName := fmt.Sprintf("%s/CAcert-%s.pem", *installDir, firstHost)
certName := fmt.Sprintf("%s/cert-%s-%s.pem", *installDir, role.String(), firstHost)
if *isAnchor == true {
template.KeyUsage = template.KeyUsage | x509.KeyUsageCertSign
CAcertOut, err := os.Create(CAcertName)
if err != nil {
log.Fatalf("Failed to open %s for writing: %s", CAcertName, err)
Expand Down
1 change: 1 addition & 0 deletions ssntp/certs/certs.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -176,6 +176,7 @@ func CreateAnchorCert(template *x509.Certificate, useElliptic bool, certOutput i
}

template.IsCA = true
template.KeyUsage = template.KeyUsage | x509.KeyUsageCertSign

// Create self-signed certificate
derBytes, err := x509.CreateCertificate(rand.Reader, template, template, publicKey(priv), priv)
Expand Down

0 comments on commit 40e3e6d

Please sign in to comment.