Constrain KeyUsage and ExtendedKeyUsage on both CA & EE certificates
author job <job@openbsd.org>
Thu, 3 Nov 2022 10:39:19 +0000 (10:39 +0000)
committer job <job@openbsd.org>
Thu, 3 Nov 2022 10:39:19 +0000 (10:39 +0000)
commit 6dc8bea129413960e2d2655799b208933b15def3
tree 09dc3e403bacff51fd35365dac77b00b1ad93666
parent ee191f7a22501deeeee67e6923533dc072c5eefe
Constrain KeyUsage and ExtendedKeyUsage on both CA & EE certificates

RFC 6487 section 4.8.4 restricts the KeyUsage extension on EE
certificates to only be digitalSignature.

RFC 6487 section 4.8.5 forbids the ExtendedKeyUsage extension from
appearing on CA certificates. However, this may change in the future
through the standardisation process.

OK tb@
usr.sbin/rpki-client/cert.c
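
The two RFC 6487 rules named in the commit message, written out as a standalone added example (this is not the code from cert.c and not rpki-client's implementation). It decodes the DER BIT STRING of a KeyUsage extension by hand; the names `ku_decode`, `rpki_usage_ok`, the `EX_KU_*` masks and the sample byte arrays are hypothetical and constructed for illustration, and the CA KeyUsage rule is taken from RFC 6487 section 4.8.4 rather than from the message.

```c
#include <stddef.h>
#include <stdint.h>

/* KeyUsage named bits (RFC 5280 4.2.1.3); bit 0 is the MSB of octet 1. */
#define EX_KU_DIGSIG	0x8000u	/* digitalSignature, bit 0 */
#define EX_KU_CERTSIGN	0x0400u	/* keyCertSign, bit 5 */
#define EX_KU_CRLSIGN	0x0200u	/* cRLSign, bit 6 */

/* Constructed sample KeyUsage values (DER BIT STRING: tag, len, unused, bits). */
const uint8_t sample_ku_ee[] = { 0x03, 0x02, 0x07, 0x80 };	/* digitalSignature */
const uint8_t sample_ku_ca[] = { 0x03, 0x02, 0x01, 0x06 };	/* keyCertSign|cRLSign */
const uint8_t sample_ku_mix[] = { 0x03, 0x02, 0x05, 0xa0 };	/* digSig|keyEncipherment */

/* Decode a short-form DER BIT STRING of 1-2 data octets into a 16-bit mask. */
static int
ku_decode(const uint8_t *der, size_t len, uint16_t *out)
{
	size_t n;
	uint8_t unused;

	if (len < 3 || der[0] != 0x03 || der[1] >= 0x80 ||
	    (size_t)der[1] + 2 != len)
		return -1;
	n = der[1] - 1;		/* data octets after the unused-bits octet */
	unused = der[2];
	if (n < 1 || n > 2 || unused > 7)
		return -1;
	if (der[2 + n] & ((1u << unused) - 1))	/* padding bits must be 0 */
		return -1;
	*out = (uint16_t)(der[3] << 8);
	if (n == 2)
		*out |= der[4];
	return 0;
}

/* Return 1 if KeyUsage/EKU satisfy the rules, 0 if the cert must be rejected. */
int
rpki_usage_ok(int is_ca, const uint8_t *ku_der, size_t ku_len, int has_eku)
{
	uint16_t ku;

	if (ku_decode(ku_der, ku_len, &ku) == -1)
		return 0;
	if (is_ca) {
		if (has_eku)	/* RFC 6487 4.8.5: no EKU on CA certificates */
			return 0;
		/* RFC 6487 4.8.4: CA certs carry only keyCertSign and cRLSign */
		return ku == (EX_KU_CERTSIGN | EX_KU_CRLSIGN);
	}
	/* RFC 6487 4.8.4: EE certs carry only digitalSignature */
	return ku == EX_KU_DIGSIG;
}
```

EKU on EE certificates is deliberately not judged here, since the commit message states no rule for it.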