From e8f12c4b14293514bd9d9d939021f5c49df1e793 Mon Sep 17 00:00:00 2001
From: godog <godog@autistici.org>
Date: Fri, 14 Jul 2017 10:27:26 +0200
Subject: [PATCH] set version 3 when adding extensions

gnutls fails to consider the certificate valid:

|<2>| error: extensions present in certificate with version 1

found via:

gnutls-cli --debug 99 --x509cafile /etc/ssl/certs/ca-certificates.crt github.com
---
 autoca/certutil.py | 1 +
 1 file changed, 1 insertion(+)

diff --git a/autoca/certutil.py b/autoca/certutil.py
index 4048a24..73e1711 100644
--- a/autoca/certutil.py
+++ b/autoca/certutil.py
@@ -44,6 +44,7 @@ def sign_certificate(req, ca_key, ca_crt, serial_num, days,
     cert.set_subject(req.get_subject())
     cert.set_pubkey(req.get_pubkey())
     if extensions:
+        cert.set_version(3)
         cert.add_extensions(extensions)
     cert.sign(ca_key, digest)
     return cert
-- 
GitLab