diff options
author | Guilhem Moulin <guilhem@fripost.org> | 2017-02-22 10:19:56 +0100 |
---|---|---|
committer | Guilhem Moulin <guilhem@fripost.org> | 2017-02-22 10:50:28 +0100 |
commit | 1426a858ae1c4da30f777110e1253fa36bac2b41 (patch) | |
tree | f6353b2ff6794bed772186cb183d12f733fc494c /lacme | |
parent | 23f051faf049e5020b81e6bf419e35f3d5054da2 (diff) |
new-cert: mark basicConstraints and keyUsage x509v3 extensions as critical in the CSR.
Boulder's issue #565 "Golang errors on extensions marked critical" was
fixed upstream, cf. https://github.com/letsencrypt/boulder/issues/565 .
Diffstat (limited to 'lacme')
-rwxr-xr-x | lacme | 8 |
1 files changed, 2 insertions, 6 deletions
@@ -147,14 +147,10 @@ sub gen_csr(%) { "[ req_distinguished_name ]\n", "[ v3_req ]\n", - # XXX Golang errors on extensions marked critical - # https://github.com/letsencrypt/boulder/issues/565 - #"basicConstraints = critical, CA:FALSE\n", - "basicConstraints = CA:FALSE\n", + "basicConstraints = critical, CA:FALSE\n", "subjectKeyIdentifier = hash\n" ); - #$config->print("keyUsage = critical, $args{keyUsage}\n") if defined $args{keyUsage}; - $config->print("keyUsage = $args{keyUsage}\n") if defined $args{keyUsage}; + $config->print("keyUsage = critical, $args{keyUsage}\n") if defined $args{keyUsage}; $config->print("subjectAltName = $args{subjectAltName}\n") if defined $args{subjectAltName}; $config->close() or die "Can't close: $!"; |