diff options
author | Gibheer <gibheer+git@zero-knowledge.org> | 2024-12-17 15:37:15 +0100 |
---|---|---|
committer | Gibheer <gibheer+git@zero-knowledge.org> | 2024-12-17 15:37:15 +0100 |
commit | 194ea737f43e6563e44cf0c37936676d97235978 (patch) | |
tree | 84ec8e7e82e25f72877a96e103951c4aef4a4377 /create_cert.go | |
parent | 9e87cea1b0329e1e8db669a68d49371fadfdd7b1 (diff) |
Creating CAs requires the CALength to be set to a specific value. But
with normal certificates, 99% of the use case, this is not needed.
By setting it to -1 by default, the flag will become ignored for all
signatures apart from CAs.
Diffstat (limited to 'create_cert.go')
-rw-r--r-- | create_cert.go | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/create_cert.go b/create_cert.go index c49e953..56ec4ca 100644 --- a/create_cert.go +++ b/create_cert.go @@ -56,7 +56,7 @@ func CreateCert(args []string) error { flagOutput string ) fs := flag.NewFlagSet("pkictl create-cert", flag.ExitOnError) - fs.StringVar(&flagPrivate, "private-key", "", "the private key to generate the request") + fs.StringVar(&flagPrivate, "private-key", "", "the private key of the CA signing the certificate") fs.StringVar(&flagCSR, "sign-request", "", "the certificate sign request") fs.StringVar(&flagOutput, "output", "stdout", "path to the output file (default stdout)") fs.BoolVar(&flagIsCA, "is-ca", false, "is the result a CA - when true ca is ignored") @@ -64,7 +64,7 @@ func CreateCert(args []string) error { fs.StringVar(&flagKeyUsage, "key-usage", "", "comma separated list of key usages") fs.Var(&flagKeyExtUsage, "key-ext-usage", "comma separated list of further usages") fs.Int64Var(&flagSerial, "serial", 0, "the serial for the issued certificate") - fs.IntVar(&flagLength, "length", 0, "the number of sub CAs allowed (-1 equals no limit)") + fs.IntVar(&flagLength, "length", -1, "the number of sub CAs allowed (-1 equals no limit)") fs.StringVar(&flagCA, "ca", "", "path to the CA certificate") fs.StringVar( &flagNotBefore, |