From 1426a858ae1c4da30f777110e1253fa36bac2b41 Mon Sep 17 00:00:00 2001 From: Guilhem Moulin Date: Wed, 22 Feb 2017 10:19:56 +0100 Subject: new-cert: mark basicConstraints and keyUsage x509v3 extensions as critical in the CSR. Boulder's issue #565 "Golang errors on extensions marked critical" was fixed upstream, cf. https://github.com/letsencrypt/boulder/issues/565 . --- Changelog | 3 +++ lacme | 8 ++------ 2 files changed, 5 insertions(+), 6 deletions(-) diff --git a/Changelog b/Changelog index 035451c..451eace 100644 --- a/Changelog +++ b/Changelog @@ -7,6 +7,9 @@ lacme (0.3) upstream; - new-cert: sort section names if not passed explicitely. - new-cert: new CLI option "min-days" overriding the value found in the configuration file. + - new-cert: mark the basicConstraints (CA:FALSE) and keyUsage x509v3 + extensions as critical in the CSR, following upstream fix of + Boulder's issue #565. -- Guilhem Moulin Sun, 19 Feb 2017 13:08:41 +0100 diff --git a/lacme b/lacme index 75c1465..b654c7d 100755 --- a/lacme +++ b/lacme @@ -147,14 +147,10 @@ sub gen_csr(%) { "[ req_distinguished_name ]\n", "[ v3_req ]\n", - # XXX Golang errors on extensions marked critical - # https://github.com/letsencrypt/boulder/issues/565 - #"basicConstraints = critical, CA:FALSE\n", - "basicConstraints = CA:FALSE\n", + "basicConstraints = critical, CA:FALSE\n", "subjectKeyIdentifier = hash\n" ); - #$config->print("keyUsage = critical, $args{keyUsage}\n") if defined $args{keyUsage}; - $config->print("keyUsage = $args{keyUsage}\n") if defined $args{keyUsage}; + $config->print("keyUsage = critical, $args{keyUsage}\n") if defined $args{keyUsage}; $config->print("subjectAltName = $args{subjectAltName}\n") if defined $args{subjectAltName}; $config->close() or die "Can't close: $!"; -- cgit v1.2.3
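Review bot: The new `keyUsage` line in `gen_csr` prepends a fixed `critical, ` to `$args{keyUsage}` without checking what the value already contains, so a value that itself begins with `critical,` would be written to the generated OpenSSL config as `keyUsage = critical, critical, …`, and CSR generation would most likely fail on the unknown usage name. Where the value comes from is not visible in the hunk, but before this commit putting the flag in the setting was the only way to request a critical extension, so existing configurations may carry it. Stripping the flag first keeps them working: `if (defined(my $ku = $args{keyUsage})) { $ku =~ s/\A\s*critical\s*,\s*//; $config->print("keyUsage = critical, $ku\n"); }`. Both this value and `$args{subjectAltName}` are interpolated verbatim, so a check that neither contains a line break would stop a malformed setting from adding further directives to the `[ v3_req ]` section. The body of `gen_csr` starts and ends outside the hunk.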