dan/certifix
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

add key usage/extended key usage extensions

Browse Source
This commit is contained in:
Daniel Barlow 2024-10-04 23:20:20 +01:00
parent 4942285f6d
commit b1e869e125
1 changed files with 3 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
main.fnl
View File

@ -98,8 +98,11 @@
(for [i 1 (csr:getRequestedExtensionCount) 1] (for [i 1 (csr:getRequestedExtensionCount) 1]
(let [ext (csr:getRequestedExtension i)] (let [ext (csr:getRequestedExtension i)]
(crt:addExtension ext))) (crt:addExtension ext)))
;; https://www.golinuxcloud.com/add-x509-extensions-to-certificate-openssl/
(doto crt (doto crt
(: :addExtension (extension.new "basicConstraints" "critical,CA:FALSE")) (: :addExtension (extension.new "basicConstraints" "critical,CA:FALSE"))
(: :addExtension (extension.new "keyUsage" "digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment")) ;; all of these?
(: :addExtension (extension.new "extendedKeyUsage" "clientAuth"))
(: :sign ca-key)))) (: :sign ca-key))))
(fn approve-request? [csr] (fn approve-request? [csr]