Merge pull request #890 from ironSource/pki-fix

fix CA compatibility with OpenSSL
2015-12-29 12:04:03 -06:00 · 2015-12-29 12:04:03 -06:00 · b85c29349f
parent e43656c045 fba756075a
commit b85c29349f
1 changed files with 5 additions and 1 deletions
--- a/builtin/logical/pki/cert_util.go
+++ b/builtin/logical/pki/cert_util.go
@ -687,7 +687,11 @@ func addKeyUsages(creationInfo *creationBundle, certTemplate *x509.Certificate)
 		// Go performs validation not according to spec but according to the Windows
 		// Crypto API, so we add all usages to CA certs
 		certTemplate.KeyUsage = x509.KeyUsage(certTemplate.KeyUsage | x509.KeyUsageCertSign | x509.KeyUsageCRLSign)
-		certTemplate.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageAny}
+		certTemplate.ExtKeyUsage = []x509.ExtKeyUsage{
+			x509.ExtKeyUsageAny,
+			x509.ExtKeyUsageServerAuth,
+			x509.ExtKeyUsageClientAuth,
+		}
 	}
 }