aboutsummaryrefslogtreecommitdiffstats
path: root/src/cert/x509/x509_ca.cpp
diff options
context:
space:
mode:
Diffstat (limited to 'src/cert/x509/x509_ca.cpp')
-rw-r--r--src/cert/x509/x509_ca.cpp12
1 files changed, 7 insertions, 5 deletions
diff --git a/src/cert/x509/x509_ca.cpp b/src/cert/x509/x509_ca.cpp
index 1f3e643e9..ea7f3a405 100644
--- a/src/cert/x509/x509_ca.cpp
+++ b/src/cert/x509/x509_ca.cpp
@@ -63,19 +63,21 @@ X509_Certificate X509_CA::sign_request(const PKCS10_Request& req,
Extensions extensions;
+ extensions.add(
+ new Cert_Extension::Basic_Constraints(req.is_CA(), req.path_limit()),
+ true);
+
+ extensions.add(new Cert_Extension::Key_Usage(constraints), true);
+
extensions.add(new Cert_Extension::Authority_Key_ID(cert.subject_key_id()));
extensions.add(new Cert_Extension::Subject_Key_ID(req.raw_public_key()));
extensions.add(
- new Cert_Extension::Basic_Constraints(req.is_CA(), req.path_limit()));
+ new Cert_Extension::Subject_Alternative_Name(req.subject_alt_name()));
- extensions.add(new Cert_Extension::Key_Usage(constraints));
extensions.add(
new Cert_Extension::Extended_Key_Usage(req.ex_constraints()));
- extensions.add(
- new Cert_Extension::Subject_Alternative_Name(req.subject_alt_name()));
-
return make_cert(signer, rng, ca_sig_algo,
req.raw_public_key(),
not_before, not_after,
generated by cgit v1.2.3 (git 2.39.1) at 2024-12-01 01:57:30 +0000