gfwleak/tango-tfe
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

本地签发证书时,密钥用法不copy原证书。https://git.mesalab.cn/tango/certstore/issues/8

Browse Source
This commit is contained in:
zhengchao
2019-06-22 00:33:44 +08:00
parent 811435ca92
commit 0475638ab9
1 changed files with 4 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
platform/src/ssl_utils.cpp
View File

@@ -666,12 +666,10 @@ X509 * ssl_x509_forge(X509 * cacrt, EVP_PKEY * cakey, X509 * origcrt, EVP_PKEY *
if (rv == -1)
goto errout;
rv = ssl_x509_v3ext_copy_by_nid(crt, origcrt,
NID_key_usage);
if (rv == 0)
rv = ssl_x509_v3ext_add(&ctx, crt, "keyUsage",
"digitalSignature,"
"keyEncipherment");
//Not copy keyUsage, because RSA is not compatibel with "Key Agreement".
rv = ssl_x509_v3ext_add(&ctx, crt, "keyUsage",
"digitalSignature,"
"keyEncipherment");
if (rv == -1)
goto errout;