The tls library in Go mandates that client certificates have an extendedKeyUsage that
contains clientAuth. However, it does not do the same for serverAuth. Ideally it would
do this check anytime there is an extendedKeyUsage extension on the certificate.
rsc changed the title from "crypto/tls: Require serverAuth if extendedKeyUsage on certificate" to "crypto/tls: require serverAuth if extendedKeyUsage on certificate" on Apr 10, 2015
handshake_client.go doesn't set the KeyUsages member of x509.VerifyOptions. That means that the default behaviour takes effect, which is to require ExtKeyUsageServerAuth down the chain. (Although MS and Netscape SGC usages are accepted as equal to ServerAuth in order to support certificates in the wild.)
If you think that this isn't working, that would be a bug, but it's supposed to.
by donald.stufft: