crypto/x509: Extended Key Usage on X509 certificates yields unexpected flags #7516
Labels
Comments
This issue was closed.
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
by anu.engineer:
if you ask for Extended Key Usage in Certificates with the following Flags - ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth | x509.ExtKeyUsageClientAuth}, CreateCertificate code generates "Code Signing" instead of the expected ServerAuth | ClientAuth in the Certificate. Please see the Line 69 in the code , this is a code sample modified from GO distribution with only one line modification +ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth | x509.ExtKeyUsageClientAuth}, http://play.golang.org/p/vpvoNPNlJU it was executed with following command ./certgen -host=anu.engineer.com -ca=true -duration=8760h0m0s -rsa-bits=2048 -start-date="Mar 11 00:00:00 2014" and when viewed with OpenSSL the certificate has the following fields aengineer$ openssl x509 -in cert.pem -text <<snip>> X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment, Certificate Sign X509v3 Extended Key Usage: Code Signing X509v3 Basic Constraints: critical CA:TRUE X509v3 Subject Alternative Name: DNS:anu.engineer.com <<snip>> Expected Values X509v3 Extended Key Usage: Server Auth, Client AuthThe text was updated successfully, but these errors were encountered: