diff options
| author | lloyd <[email protected]> | 2010-03-10 16:30:50 +0000 |
|---|---|---|
| committer | lloyd <[email protected]> | 2010-03-10 16:30:50 +0000 |
| commit | fd79f63a44ad0b59507ac67bdb3eccbe4d45adbc (patch) | |
| tree | 2fc4ef1884d1d3dc18608b03ad4e675c68d0e137 /src/cert/x509/x509self.cpp | |
| parent | 66494f4d9db90d04d93874ee37e77a282dd71b07 (diff) | |
Remove config options to toggle if X.509 extensions are critical or
not. Instead provide via Extensions::add(). No way to modify behavior
currently, it just follows the previous default police.
Remove the config options from Library_State entirely. Die, mutable
singletons, die.
Diffstat (limited to 'src/cert/x509/x509self.cpp')
| -rw-r--r-- | src/cert/x509/x509self.cpp | 13 |
1 files changed, 9 insertions, 4 deletions
diff --git a/src/cert/x509/x509self.cpp b/src/cert/x509/x509self.cpp index 89b63c8b2..68221cb4d 100644 --- a/src/cert/x509/x509self.cpp +++ b/src/cert/x509/x509self.cpp @@ -79,14 +79,19 @@ X509_Certificate create_self_signed_cert(const X509_Cert_Options& opts, Extensions extensions; - extensions.add(new Cert_Extension::Subject_Key_ID(pub_key)); - extensions.add(new Cert_Extension::Key_Usage(constraints)); extensions.add( - new Cert_Extension::Extended_Key_Usage(opts.ex_constraints)); + new Cert_Extension::Basic_Constraints(opts.is_CA, opts.path_limit), + true); + + extensions.add(new Cert_Extension::Key_Usage(constraints), true); + + extensions.add(new Cert_Extension::Subject_Key_ID(pub_key)); + extensions.add( new Cert_Extension::Subject_Alternative_Name(subject_alt)); + extensions.add( - new Cert_Extension::Basic_Constraints(opts.is_CA, opts.path_limit)); + new Cert_Extension::Extended_Key_Usage(opts.ex_constraints)); return X509_CA::make_cert(signer.get(), rng, sig_algo, pub_key, opts.start, opts.end, |