Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

crypto/x509: Extended Key Usage on X509 certificates yields unexpected flags #7516

Closed
gopherbot opened this issue Mar 12, 2014 · 2 comments
Closed

Comments

@gopherbot
Copy link

@gopherbot gopherbot commented Mar 12, 2014

by anu.engineer:

if you ask for  Extended Key Usage in Certificates with the following Flags 
- ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth |
x509.ExtKeyUsageClientAuth}, CreateCertificate code generates "Code Signing"
instead of the expected ServerAuth | ClientAuth in the Certificate.

Please see the Line 69 in the code , this is a code sample modified from GO distribution
with only one line modification 

+ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth |
x509.ExtKeyUsageClientAuth}, 

http://play.golang.org/p/vpvoNPNlJU

it was executed with following command

./certgen -host=anu.engineer.com -ca=true -duration=8760h0m0s -rsa-bits=2048
-start-date="Mar 11 00:00:00 2014"  

and when viewed with OpenSSL the certificate has the following fields
aengineer$ openssl x509 -in cert.pem -text

<<snip>>

 X509v3 extensions:
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment, Certificate Sign
            X509v3 Extended Key Usage: 
                Code Signing
            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Subject Alternative Name: 
                DNS:anu.engineer.com
<<snip>>
Expected Values 
            X509v3 Extended Key Usage: 
                Server Auth, Client Auth
@gopherbot
Copy link
Author

@gopherbot gopherbot commented Mar 12, 2014

Comment 1 by anu.engineer:

User Error, Please close 
+ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth |
x509.ExtKeyUsageClientAuth}, 
it should be 
+ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth ,
x509.ExtKeyUsageClientAuth},
@mikioh
Copy link
Contributor

@mikioh mikioh commented Mar 14, 2014

Comment 2:

Status changed to Invalid.

@gopherbot gopherbot added the invalid label Mar 14, 2014
@golang golang locked and limited conversation to collaborators Jun 25, 2016
This issue was closed.
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
2 participants
You can’t perform that action at this time.