Leaf certificates are explicitly marked as non CA
This commit is contained in:
parent
11054385a6
commit
b4647d70a0
@ -161,9 +161,11 @@ fn gen_certificate(req: GenCertificateReq) -> anyhow::Result<(Vec<u8>, Vec<u8>)>
|
||||
}
|
||||
|
||||
// If cert is a CA or not
|
||||
let mut basic = BasicConstraints::new();
|
||||
if req.ca {
|
||||
cert_builder.append_extension(BasicConstraints::new().critical().ca().build()?)?;
|
||||
basic.ca();
|
||||
}
|
||||
cert_builder.append_extension(basic.critical().build()?)?;
|
||||
|
||||
// Key usage
|
||||
let mut key_usage = KeyUsage::new();
|
||||
|
Loading…
Reference in New Issue
Block a user