Leaf certificates are explicitly marked as non CA

This commit is contained in:
Pierre HUBERT 2024-06-28 22:04:36 +02:00
parent 11054385a6
commit b4647d70a0

View File

@ -161,9 +161,11 @@ fn gen_certificate(req: GenCertificateReq) -> anyhow::Result<(Vec<u8>, Vec<u8>)>
}
// If cert is a CA or not
let mut basic = BasicConstraints::new();
if req.ca {
cert_builder.append_extension(BasicConstraints::new().critical().ca().build()?)?;
basic.ca();
}
cert_builder.append_extension(basic.critical().build()?)?;
// Key usage
let mut key_usage = KeyUsage::new();