Please sign in to comment.
Add x509 extensions for dnsName and nsComment.
Many utilities that could use certmaster certs follow rules laid out in RFC3280. At the moment I'm working on integrating rsyslog TLS with mutual authentication. Certmaster certs currently only work in "anon" mode where encryption is achieved, but no authentication is performed. To that end, a function _build_extension_list() is implemented in this patch that is now used by both create_ca() and create_slave_certificate() that attempts to add the extensions to the cert before signing. subjectKeyIdentifier will be explored in a subsequent patch. Signed-off-by: Al Tobey <email@example.com>
- Loading branch information...
Showing with 26 additions and 10 deletions.