From 1426a858ae1c4da30f777110e1253fa36bac2b41 Mon Sep 17 00:00:00 2001
From: Guilhem Moulin <guilhem@fripost.org>
Date: Wed, 22 Feb 2017 10:19:56 +0100
Subject: new-cert: mark basicConstraints and keyUsage x509v3 extensions as
 critical in the CSR.

Boulder's issue #565 "Golang errors on extensions marked critical" was
fixed upstream, cf. https://github.com/letsencrypt/boulder/issues/565 .
---
 lacme | 8 ++------
 1 file changed, 2 insertions(+), 6 deletions(-)

(limited to 'lacme')

diff --git a/lacme b/lacme
index 75c1465..b654c7d 100755
--- a/lacme
+++ b/lacme
@@ -147,14 +147,10 @@ sub gen_csr(%) {
         "[ req_distinguished_name ]\n",
 
         "[ v3_req ]\n",
-        # XXX Golang errors on extensions marked critical
-        # https://github.com/letsencrypt/boulder/issues/565
-        #"basicConstraints     = critical, CA:FALSE\n",
-        "basicConstraints     = CA:FALSE\n",
+        "basicConstraints     = critical, CA:FALSE\n",
         "subjectKeyIdentifier = hash\n"
     );
-    #$config->print("keyUsage = critical, $args{keyUsage}\n")   if defined $args{keyUsage};
-    $config->print("keyUsage = $args{keyUsage}\n")             if defined $args{keyUsage};
+    $config->print("keyUsage = critical, $args{keyUsage}\n")   if defined $args{keyUsage};
     $config->print("subjectAltName = $args{subjectAltName}\n") if defined $args{subjectAltName};
     $config->close() or die "Can't close: $!";
 
-- 
cgit v1.2.3