From: ale Date: Sun, 29 Dec 2013 16:55:56 +0000 (+0000) Subject: allow specifying nsCertType in config X-Git-Url: https://v.licheni.net/stack/cam.git/commitdiff_plain/2397de7d1d5a2617b9a72e087d4514c7203a3e21?hp=ad5c70b16614ae63bafe762e962583a08da502c2 allow specifying nsCertType in config --- diff --git a/cam/ca.py b/cam/ca.py index a19835f..f8a202f 100644 --- a/cam/ca.py +++ b/cam/ca.py @@ -169,7 +169,7 @@ class CA(object): csr_file = os.path.join(tmpdir, '%s.csr' % cert.name) conf_file = os.path.join(tmpdir, '%s.conf' % cert.name) ext_file = os.path.join(tmpdir, '%s-ext.conf' % cert.name) - conf = {} + conf = {'usage': 'client, server'} conf.update(self.config) conf['cn'] = cert.cn conf['days'] = cert.days or self.config['default_days'] diff --git a/cam/templates/ext_config b/cam/templates/ext_config index 596e406..486c087 100644 --- a/cam/templates/ext_config +++ b/cam/templates/ext_config @@ -1,5 +1,5 @@ basicConstraints = CA:false -nsCertType = client, server +nsCertType = %(usage)s keyUsage = nonRepudiation, digitalSignature, keyEncipherment extendedKeyUsage = clientAuth, serverAuth subjectKeyIdentifier = hash