From 194ea737f43e6563e44cf0c37936676d97235978 Mon Sep 17 00:00:00 2001
From: Gibheer
Date: Tue, 17 Dec 2024 15:37:15 +0100
Subject: fix creating simple certificates

Creating CAs requires the CALength to be set to a specific value. But with normal certificates, 99% of the use case, this is not needed. By setting it to -1 by default, the flag will become ignored for all signatures apart from CAs.
---
 create_cert.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
(limited to 'create_cert.go')

diff --git a/create_cert.go b/create_cert.go
index c49e953..56ec4ca 100644
--- a/create_cert.go
+++ b/create_cert.go
@@ -56,7 +56,7 @@ func CreateCert(args []string) error {
 flagOutput string
 )
 fs := flag.NewFlagSet("pkictl create-cert", flag.ExitOnError)
- fs.StringVar(&flagPrivate, "private-key", "", "the private key to generate the request")
+ fs.StringVar(&flagPrivate, "private-key", "", "the private key of the CA signing the certificate")
 fs.StringVar(&flagCSR, "sign-request", "", "the certificate sign request")
 fs.StringVar(&flagOutput, "output", "stdout", "path to the output file (default stdout)")
 fs.BoolVar(&flagIsCA, "is-ca", false, "is the result a CA - when true ca is ignored")
@@ -64,7 +64,7 @@ func CreateCert(args []string) error {
 fs.StringVar(&flagKeyUsage, "key-usage", "", "comma separated list of key usages")
 fs.Var(&flagKeyExtUsage, "key-ext-usage", "comma separated list of further usages")
 fs.Int64Var(&flagSerial, "serial", 0, "the serial for the issued certificate")
- fs.IntVar(&flagLength, "length", 0, "the number of sub CAs allowed (-1 equals no limit)")
+ fs.IntVar(&flagLength, "length", -1, "the number of sub CAs allowed (-1 equals no limit)")
 fs.StringVar(&flagCA, "ca", "", "path to the CA certificate")
 fs.StringVar(
 &flagNotBefore,
-- 
cgit v1.2.3-70-g09d2
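Review bot: The new `-length` default of -1 means a certificate created with `-is-ca` and no explicit `-length` now lands in the "no limit" case named in the flag's own usage string, where the default used to be 0. How flagLength reaches the signing code is outside this hunk (CreateCert continues past it), but if it ends up as the path length constraint, a forgotten flag produces a CA that may issue sub-CAs to any depth. A least-privilege default would keep -1 for ordinary certificates and require the operator to pass `-length` whenever `-is-ca` is set, for example by checking after parsing whether the flag was actually given (`fs.Visit` reports only flags that were set). At minimum the usage string should say so: `fs.IntVar(&flagLength, "length", -1, "the number of sub CAs allowed, only used with -is-ca (-1 equals no limit)")`.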