Merge pull request #34 from bbaetz/master

Change the criticality of a number of X509 extentions, to match
2024-11-23 08:11:00 +00:00 · 2014-09-07 12:50:36 +12:00 · 2014-09-07 12:50:36 +12:00 · 5dcc7f78df
commit 5dcc7f78df
parent 754b627937 d8f54c7c03
1 changed files with 4 additions and 4 deletions
--- a/netlib/certutils.py
+++ b/netlib/certutils.py
@ -31,10 +31,10 @@ def create_ca(o, cn, exp):
                                   "CA:TRUE"),
      OpenSSL.crypto.X509Extension("nsCertType", False,
                                   "sslCA"),
-      OpenSSL.crypto.X509Extension("extendedKeyUsage", True,
+      OpenSSL.crypto.X509Extension("extendedKeyUsage", False,
                                    "serverAuth,clientAuth,emailProtection,timeStamping,msCodeInd,msCodeCom,msCTLSign,msSGC,msEFS,nsSGC"
                                    ),
-      OpenSSL.crypto.X509Extension("keyUsage", False,
+      OpenSSL.crypto.X509Extension("keyUsage", True,
                                   "keyCertSign, cRLSign"),
      OpenSSL.crypto.X509Extension("subjectKeyIdentifier", False, "hash",
                                   subject=cert),
@ -67,7 +67,7 @@ def dummy_cert(privkey, cacert, commonname, sans):
    cert.set_serial_number(int(time.time()*10000))
    if ss:
        cert.set_version(2)
-        cert.add_extensions([OpenSSL.crypto.X509Extension("subjectAltName", True, ss)])
+        cert.add_extensions([OpenSSL.crypto.X509Extension("subjectAltName", False, ss)])
    cert.set_pubkey(cacert.get_pubkey())
    cert.sign(privkey, "sha1")
    return SSLCert(cert)
@ -362,4 +362,4 @@ class SSLCert:
                    continue
                for i in dec[0]:
                    altnames.append(i[0].asOctets())
-        return altnames
+        return altnames