sharpetronics/strongswan
1
0
Fork 0
mirror of https://github.com/strongswan/strongswan.git synced 2025-10-04 00:00:14 -04:00
Code Issues Projects Releases Wiki Activity

x509: Also encode extendedKeyUsage in cert requests if there are no SANs or certificate type

Browse Source 
Probably never was an issue in practice as most certificates contain at
least one SAN.
This commit is contained in:
Tobias Brunner 2023-11-15 17:01:02 +01:00
parent 14cc5b845e
commit ba08e01b86
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/libstrongswan/plugins/x509/x509_pkcs10.c
View File

@ -337,7 +337,7 @@ static bool generate(private_x509_pkcs10_t *cert, private_key_t *sign_key,
extendedKeyUsage = x509_generate_eku_extension(cert->flags);
/* encode extensionRequest attribute */
if (subjectAltNames.ptr || certTypeExt.ptr)
if (subjectAltNames.ptr || certTypeExt.ptr || extendedKeyUsage.ptr)
{
extensionRequest = asn1_wrap(ASN1_SEQUENCE, "mm",
asn1_build_known_oid(OID_EXTENSION_REQUEST),