30 lines
995 B
Diff
30 lines
995 B
Diff
From 499ce83c85d14dd8cbc52f6431e775f1d00578d6 Mon Sep 17 00:00:00 2001
|
|
From: Stephen Gallagher <sgallagh@redhat.com>
|
|
Date: Tue, 22 Apr 2025 13:09:32 -0400
|
|
Subject: [PATCH 7/7] Ensure 'critical' basicConstraint for CA cert
|
|
|
|
Fixes: https://github.com/sgallagher/sscg/issues/74
|
|
|
|
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
|
|
---
|
|
src/authority.c | 3 ++-
|
|
1 file changed, 2 insertions(+), 1 deletion(-)
|
|
|
|
diff --git a/src/authority.c b/src/authority.c
|
|
index af60e1a93023c32e3fdf6da920fba4464256ed81..044c62f5192e75a9f7d3f49616f852a97da7505a 100644
|
|
--- a/src/authority.c
|
|
+++ b/src/authority.c
|
|
@@ -89,7 +89,8 @@ create_private_CA (TALLOC_CTX *mem_ctx,
|
|
sk_X509_EXTENSION_push (ca_certinfo->extensions, ex);
|
|
|
|
/* Mark it as a CA */
|
|
- ex = X509V3_EXT_conf_nid (NULL, NULL, NID_basic_constraints, "CA:TRUE");
|
|
+ ex = X509V3_EXT_conf_nid (
|
|
+ NULL, NULL, NID_basic_constraints, "critical,CA:TRUE");
|
|
CHECK_MEM (ex);
|
|
sk_X509_EXTENSION_push (ca_certinfo->extensions, ex);
|
|
|
|
--
|
|
2.49.0
|
|
|