Leaf certificates are explicitly marked as non CA
This commit is contained in:
parent
11054385a6
commit
b4647d70a0
@ -161,9 +161,11 @@ fn gen_certificate(req: GenCertificateReq) -> anyhow::Result<(Vec<u8>, Vec<u8>)>
|
|||||||
}
|
}
|
||||||
|
|
||||||
// If cert is a CA or not
|
// If cert is a CA or not
|
||||||
|
let mut basic = BasicConstraints::new();
|
||||||
if req.ca {
|
if req.ca {
|
||||||
cert_builder.append_extension(BasicConstraints::new().critical().ca().build()?)?;
|
basic.ca();
|
||||||
}
|
}
|
||||||
|
cert_builder.append_extension(basic.critical().build()?)?;
|
||||||
|
|
||||||
// Key usage
|
// Key usage
|
||||||
let mut key_usage = KeyUsage::new();
|
let mut key_usage = KeyUsage::new();
|
||||||
|
Loading…
Reference in New Issue
Block a user