From a11b67a64e39aded4a4bb1337fb7a4cf3021f8ef Mon Sep 17 00:00:00 2001
From: Gibheer <gibheer@gmail.com>
Date: Tue, 24 Mar 2015 21:19:44 +0100
Subject: [PATCH] add more flags to certificate options

This adds the IsCA and ca length options to define, if the resulting
certificate should be a CA.
---
 certificate.go | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/certificate.go b/certificate.go
index b6fa252..b186468 100644
--- a/certificate.go
+++ b/certificate.go
@@ -32,6 +32,10 @@ type (
     SerialNumber        *big.Int
     NotBefore           time.Time
     NotAfter            time.Time // Validity bounds.
+    IsCA                bool
+    // how many sub ca are allowed between this ca and the end/final certificate
+    // if it is -1, then no limit will be set
+    CALength            int
     KeyUsage            x509.KeyUsage
   }
 )
@@ -92,6 +96,15 @@ func (c *CertificateRequest) ToCertificate(private_key PrivateKey,
   template.NotBefore    = cert_opts.NotBefore
   template.NotAfter     = cert_opts.NotAfter
   template.KeyUsage     = cert_opts.KeyUsage
+  template.IsCA         = cert_opts.IsCA
+  if cert_opts.IsCA {
+    template.BasicConstraintsValid = true
+  }
+  if cert_opts.CALength >= 0 {
+    template.MaxPathLen   = cert_opts.CALength
+    template.MaxPathLenZero = true
+    template.BasicConstraintsValid = true
+  }
   template.SerialNumber = cert_opts.SerialNumber
 
   var cert_asn1 []byte