|
|
@@ -68,11 +68,9 @@ func (m *mkcert) makeCert(hosts []string) {
|
|
|
OrganizationalUnit: []string{userAndHostname},
|
|
|
},
|
|
|
|
|
|
- NotAfter: expiration,
|
|
|
- NotBefore: time.Now(),
|
|
|
+ NotBefore: time.Now(), NotAfter: expiration,
|
|
|
|
|
|
- KeyUsage: x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature,
|
|
|
- BasicConstraintsValid: true,
|
|
|
+ KeyUsage: x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature,
|
|
|
}
|
|
|
|
|
|
for _, h := range hosts {
|
|
|
@@ -88,9 +86,10 @@ func (m *mkcert) makeCert(hosts []string) {
|
|
|
}
|
|
|
|
|
|
if m.client {
|
|
|
- tpl.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth, x509.ExtKeyUsageServerAuth}
|
|
|
- } else if len(tpl.IPAddresses) > 0 || len(tpl.DNSNames) > 0 {
|
|
|
- tpl.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}
|
|
|
+ tpl.ExtKeyUsage = append(tpl.ExtKeyUsage, x509.ExtKeyUsageClientAuth)
|
|
|
+ }
|
|
|
+ if len(tpl.IPAddresses) > 0 || len(tpl.DNSNames) > 0 || len(tpl.URIs) > 0 {
|
|
|
+ tpl.ExtKeyUsage = append(tpl.ExtKeyUsage, x509.ExtKeyUsageServerAuth)
|
|
|
}
|
|
|
if len(tpl.EmailAddresses) > 0 {
|
|
|
tpl.ExtKeyUsage = append(tpl.ExtKeyUsage, x509.ExtKeyUsageEmailProtection)
|
Filippo Valsorda