From b4647d70a012ee11019b58a16bf8c97603be616c Mon Sep 17 00:00:00 2001 From: Pierre HUBERT Date: Fri, 28 Jun 2024 22:04:36 +0200 Subject: [PATCH] Leaf certificates are explicitly marked as non CA --- central_backend/src/crypto/pki.rs | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/central_backend/src/crypto/pki.rs b/central_backend/src/crypto/pki.rs index 39f5a34..70f8ec4 100644 --- a/central_backend/src/crypto/pki.rs +++ b/central_backend/src/crypto/pki.rs @@ -161,9 +161,11 @@ fn gen_certificate(req: GenCertificateReq) -> anyhow::Result<(Vec, Vec)> } // If cert is a CA or not + let mut basic = BasicConstraints::new(); if req.ca { - cert_builder.append_extension(BasicConstraints::new().critical().ca().build()?)?; + basic.ca(); } + cert_builder.append_extension(basic.critical().build()?)?; // Key usage let mut key_usage = KeyUsage::new();