From a11b67a64e39aded4a4bb1337fb7a4cf3021f8ef Mon Sep 17 00:00:00 2001 From: Gibheer Date: Tue, 24 Mar 2015 21:19:44 +0100 Subject: add more flags to certificate options This adds the IsCA and ca length options to define, if the resulting certificate should be a CA. --- certificate.go | 13 +++++++++++++ 1 file changed, 13 insertions(+) (limited to 'certificate.go') diff --git a/certificate.go b/certificate.go index b6fa252..b186468 100644 --- a/certificate.go +++ b/certificate.go @@ -32,6 +32,10 @@ type ( SerialNumber *big.Int NotBefore time.Time NotAfter time.Time // Validity bounds. + IsCA bool + // how many sub ca are allowed between this ca and the end/final certificate + // if it is -1, then no limit will be set + CALength int KeyUsage x509.KeyUsage } ) @@ -92,6 +96,15 @@ func (c *CertificateRequest) ToCertificate(private_key PrivateKey, template.NotBefore = cert_opts.NotBefore template.NotAfter = cert_opts.NotAfter template.KeyUsage = cert_opts.KeyUsage + template.IsCA = cert_opts.IsCA + if cert_opts.IsCA { + template.BasicConstraintsValid = true + } + if cert_opts.CALength >= 0 { + template.MaxPathLen = cert_opts.CALength + template.MaxPathLenZero = true + template.BasicConstraintsValid = true + } template.SerialNumber = cert_opts.SerialNumber var cert_asn1 []byte -- cgit v1.2.3-70-g09d2