certs: fix csr generation (correct the key usage, remove msExtReq from attributes)

author elijah <elijah@riseup.net>

Mon, 27 Oct 2014 21:46:16 +0000 (14:46 -0700)

committer elijah <elijah@riseup.net>

Mon, 27 Oct 2014 21:46:16 +0000 (14:46 -0700)
author elijah <elijah@riseup.net>
Mon, 27 Oct 2014 21:46:16 +0000 (14:46 -0700)
committer elijah <elijah@riseup.net>
Mon, 27 Oct 2014 21:46:16 +0000 (14:46 -0700)
diff --git a/lib/leap_cli/commands/ca.rb b/lib/leap_cli/commands/ca.rb

index ea4c8a821a54c978003fa825c22a973de250d100..ecc324b2f01e2622efa82e7ded98a7d5e3e5af61 100644 (file)
--- a/lib/leap_cli/commands/ca.rb
+++ b/lib/leap_cli/commands/ca.rb
@@ -303,7 +303,7 @@ module LeapCli; module Commands
        basic.ca = false
      }
      extensions << CertificateAuthority::Extensions::KeyUsage.new.tap {|keyusage|
-      keyusage.usage = ["digitalSignature", "nonRepudiation"]
+      keyusage.usage = ["digitalSignature", "keyEncipherment"]
      }
      extensions << CertificateAuthority::Extensions::ExtendedKeyUsage.new.tap {|extkeyusage|
        extkeyusage.usage = [ "serverAuth"]
@@ -317,7 +317,6 @@ module LeapCli; module Commands
      )])
      attrs = [
        OpenSSL::X509::Attribute.new("extReq", attrval),
-      OpenSSL::X509::Attribute.new("msExtReq", attrval)
      ]
      csr.attributes = attrs
author	elijah <elijah@riseup.net>
	Mon, 27 Oct 2014 21:46:16 +0000 (14:46 -0700)
committer	elijah <elijah@riseup.net>
	Mon, 27 Oct 2014 21:46:16 +0000 (14:46 -0700)