diff options
| author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2019-05-20 16:13:12 +0200 |
|---|---|---|
| committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2019-05-20 21:37:13 +0200 |
| commit | 57c8178d6bed71f126d5a175684a7307cdcd1d75 (patch) | |
| tree | 2ed5dce056a1bd17a3abb73a6e0ebf7292982a18 /src | |
| parent | b2e7ed0b5d2ee90874a66fc9a054812155e50448 (diff) | |
| download | gnutls-57c8178d6bed71f126d5a175684a7307cdcd1d75.tar.gz | |
certtool: CA certificates will contain the digital signature key usage flag
This change ensures that all certificates will contain the digital
signature key usage flag if that's specified in the template.
Resolves: #767
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Diffstat (limited to 'src')
| -rw-r--r-- | src/certtool.c | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/src/certtool.c b/src/certtool.c index f34f7d4573..2e4ab86e93 100644 --- a/src/certtool.c +++ b/src/certtool.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2003-2016 Free Software Foundation, Inc. - * Copyright (C) 2015-2017 Red Hat, Inc. + * Copyright (C) 2015-2019 Red Hat, Inc. * * This file is part of GnuTLS. * @@ -579,6 +579,10 @@ generate_certificate(gnutls_privkey_t * ret_key, app_exit(1); } } + } else if (ca_status) { + /* CAs always sign */ + if (get_sign_status(server)) + usage |= GNUTLS_KEY_DIGITAL_SIGNATURE; } result = get_key_agreement_status(); |