add more flags to certificate options
This adds the IsCA and ca length options to define, if the resulting certificate should be a CA.
This commit is contained in:
parent
6b355e272b
commit
a11b67a64e
|
@ -32,6 +32,10 @@ type (
|
|||
SerialNumber *big.Int
|
||||
NotBefore time.Time
|
||||
NotAfter time.Time // Validity bounds.
|
||||
IsCA bool
|
||||
// how many sub ca are allowed between this ca and the end/final certificate
|
||||
// if it is -1, then no limit will be set
|
||||
CALength int
|
||||
KeyUsage x509.KeyUsage
|
||||
}
|
||||
)
|
||||
|
@ -92,6 +96,15 @@ func (c *CertificateRequest) ToCertificate(private_key PrivateKey,
|
|||
template.NotBefore = cert_opts.NotBefore
|
||||
template.NotAfter = cert_opts.NotAfter
|
||||
template.KeyUsage = cert_opts.KeyUsage
|
||||
template.IsCA = cert_opts.IsCA
|
||||
if cert_opts.IsCA {
|
||||
template.BasicConstraintsValid = true
|
||||
}
|
||||
if cert_opts.CALength >= 0 {
|
||||
template.MaxPathLen = cert_opts.CALength
|
||||
template.MaxPathLenZero = true
|
||||
template.BasicConstraintsValid = true
|
||||
}
|
||||
template.SerialNumber = cert_opts.SerialNumber
|
||||
|
||||
var cert_asn1 []byte
|
||||
|
|
Loading…
Reference in New Issue