From 0bce6d0c16fde16cda905ea39793a39cc2bfd9f6 Mon Sep 17 00:00:00 2001
From: ale <ale@incal.net>
Date: Thu, 13 Mar 2014 09:19:39 +0000
Subject: [PATCH] drop the critical bit on some X509 extensions

---
 autoca/ca.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/autoca/ca.py b/autoca/ca.py
index e8ea3d1..a261d9b 100644
--- a/autoca/ca.py
+++ b/autoca/ca.py
@@ -74,9 +74,9 @@ class CA(object):
             crypto.X509Extension('keyUsage', True,
                                  '%sdigitalSignature, keyEncipherment' % (
                     server and '' or 'nonRepudiation, ')),
-            crypto.X509Extension('extendedKeyUsage', True,
+            crypto.X509Extension('extendedKeyUsage', False,
                                  server and 'serverAuth' or 'clientAuth'),
-            crypto.X509Extension('nsCertType', True,
+            crypto.X509Extension('nsCertType', False,
                                  server and 'server' or 'client'),
             ]
         cert = certutil.sign_certificate(
-- 
GitLab