-
Notifications
You must be signed in to change notification settings - Fork 1.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
adjust critical extensions and key usage #448
Conversation
If you make all of your changes above, with the exception of the change to |
I rebased my changes on master. And I didn't get why should I revert the change to |
Sorry, you misunderstand. The Changing You can build all the certificates you need with only the changes to the data files. |
I understand that users of easy-rsa are supposed to modify openssl config files to suit their own need. I do have many changes/hacks in my local repo and working well. I opened this PR because I think this specific change is nice to have in easy-rsa repo. Since
|
critical keyUsage is required by RFC5280 §4.2.1.3 critical basicConstraints (for CA) is required by RFC5280 §4.2.1.9 critical extendedKeyUsage (for code signing) is required by macOS TN2206 Signed-off-by: Youfu Zhang <[email protected]>
Signed-off-by: Youfu Zhang <[email protected]>
I have a proposal:
I think that should work. Same goes for: #503 |
I don't agree your proposal. I don't think maintaining a separate I don't think my changes are breaking changes. I agree that more testing is necessary. What kind of concerns do you have? (What kind of tests can convince you to leave these PRs in their current form?) |
We are not going to maintain it, it will be there for these changes to be staged into. If we decide in the future that these alternative x509 profiles should become the standard then we will move it to the main folder. |
Linking: #520 |
Linking: #522 Note: #525 @zhangyoufu probably affects you. |
I would like to use easy-rsa to manage some general purpose PKI. This change makes it conform to common practice.
supersedes #187