allow specifying nsCertType in config

diff --git a/cam/ca.py b/cam/ca.py
index a19835f..f8a202f 100644 (file)
--- a/cam/ca.py
+++ b/cam/ca.py
@@ -169,7 +169,7 @@ class CA(object):
             csr_file = os.path.join(tmpdir, '%s.csr' % cert.name)
             conf_file = os.path.join(tmpdir, '%s.conf' % cert.name)
             ext_file = os.path.join(tmpdir, '%s-ext.conf' % cert.name)
             csr_file = os.path.join(tmpdir, '%s.csr' % cert.name)
             conf_file = os.path.join(tmpdir, '%s.conf' % cert.name)
             ext_file = os.path.join(tmpdir, '%s-ext.conf' % cert.name)

-            conf = {}
+            conf = {'usage': 'client, server'}

             conf.update(self.config)
             conf['cn'] = cert.cn
             conf['days'] = cert.days or self.config['default_days']
             conf.update(self.config)
             conf['cn'] = cert.cn
             conf['days'] = cert.days or self.config['default_days']

diff --git a/cam/templates/ext_config b/cam/templates/ext_config
index 596e406..486c087 100644 (file)
--- a/cam/templates/ext_config
+++ b/cam/templates/ext_config
@@ -1,5 +1,5 @@
 basicConstraints        = CA:false
 basicConstraints        = CA:false

-nsCertType              = client, server
+nsCertType              = %(usage)s

 keyUsage                = nonRepudiation, digitalSignature, keyEncipherment
 extendedKeyUsage        = clientAuth, serverAuth
 subjectKeyIdentifier    = hash
 keyUsage                = nonRepudiation, digitalSignature, keyEncipherment
 extendedKeyUsage        = clientAuth, serverAuth
 subjectKeyIdentifier    = hash