Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Set correct KU and EKU extensions #328

Merged
merged 3 commits into from Jun 8, 2021
Merged

Set correct KU and EKU extensions #328

merged 3 commits into from Jun 8, 2021

Commits on Jun 8, 2021

  1. Set correct KU and EKU extensions 

    A CA certificate must not have an EKU extension. KU key_cert_signing is
required. crl_sign is recommended for CRLs and digital_signature is
recommended for OCSP.

An end-entity cert must have an EKU. TLS server and TLS client are
recommended. KU digital_signature is required for modern perfect forward
secrecy handshake. key_encipherment is optional for old non-PFS
handshake.

Signed-off-by: Christian Heimes <christian@python.org>
    @tiran
    tiran committed Jun 8, 2021
    Copy the full SHA
    adf0ccc View commit details
    Browse the repository at this point in the history

  2. Adjust tests 

    Signed-off-by: Christian Heimes <christian@python.org>
    @tiran
    tiran committed Jun 8, 2021
    Copy the full SHA
    f768f96 View commit details
    Browse the repository at this point in the history

  3. Update tests/test_trustme.py

    @graingert
    graingert committed Jun 8, 2021
    Copy the full SHA
    e3ac2d6 View commit details
    Browse the repository at this point in the history