diff options
| -rw-r--r-- | certificate.go | 2 | ||||
| -rw-r--r-- | certificate_test.go | 18 |
2 files changed, 19 insertions, 1 deletions
diff --git a/certificate.go b/certificate.go index b90e9fa..9203e57 100644 --- a/certificate.go +++ b/certificate.go @@ -127,7 +127,7 @@ func (c *CertificateRequest) ToCertificate(private_key PrivateKey, if cert_opts.IsCA { template.BasicConstraintsValid = true } - if cert_opts.CALength >= 0 { + if cert_opts.CALength > 0 { template.MaxPathLen = cert_opts.CALength template.MaxPathLenZero = true template.BasicConstraintsValid = true diff --git a/certificate_test.go b/certificate_test.go index 14b1279..39e25c0 100644 --- a/certificate_test.go +++ b/certificate_test.go @@ -3,6 +3,7 @@ package pki import ( "crypto/elliptic" "crypto/x509/pkix" + "fmt" "math/big" "reflect" "testing" @@ -52,6 +53,23 @@ func TestCertificateCreation(t *testing.T) { } } +func TestCertificateMaxLength(t *testing.T) { + pk, err := NewPrivateKeyRsa(1024) + if err != nil { + t.Errorf("cert: creating private key rsa failed: %s", err) + } + csr, err := TestCertificateData.ToCertificateRequest(pk) + cert_opts := CertificateOptions{SerialNumber: big.NewInt(1)} + fmt.Println("create cert") + cert, err := csr.ToCertificate(pk, cert_opts, nil) + if err != nil { + t.Errorf("cert: creating cert failed: %s", err) + } + if !fieldsAreSame(TestCertificateData, cert) { + t.Errorf("cert: Fields are not the same") + } +} + func fieldsAreSame(data CertificateData, cert *Certificate) bool { if cert == nil { return false |