add key usage/extended key usage extensions

main.fnl

@@ -98,8 +98,11 @@
     (for [i 1 (csr:getRequestedExtensionCount) 1]
       (let [ext (csr:getRequestedExtension i)]
         (crt:addExtension ext)))
+    ;; https://www.golinuxcloud.com/add-x509-extensions-to-certificate-openssl/
     (doto crt
       (: :addExtension (extension.new "basicConstraints" "critical,CA:FALSE"))
+      (: :addExtension (extension.new "keyUsage" "digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment")) ;; all of these?
+      (: :addExtension (extension.new "extendedKeyUsage" "clientAuth"))
       (: :sign ca-key))))
 
 (fn approve-request? [csr]