From 9d90174a1b6a2d2213e3b8bb86b9d06126839f0c Mon Sep 17 00:00:00 2001
From: Disassembler
Date: Fri, 10 Apr 2020 19:21:07 +0200
Subject: [PATCH] Create self-signed certificate with proper constraints and usages
---
 usr/lib/python3.8/vmmgr/crypto.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/usr/lib/python3.8/vmmgr/crypto.py b/usr/lib/python3.8/vmmgr/crypto.py
index db06b35..fe597e2 100644
--- a/usr/lib/python3.8/vmmgr/crypto.py
+++ b/usr/lib/python3.8/vmmgr/crypto.py
@@ -27,8 +27,8 @@ def create_selfsigned_cert(domain):
 .add_extension(x509.SubjectAlternativeName((x509.DNSName(domain), x509.DNSName(f'*.{domain}'))), critical=False) \
 .add_extension(x509.SubjectKeyIdentifier.from_public_key(public_key), critical=False) \
 .add_extension(x509.AuthorityKeyIdentifier.from_issuer_public_key(public_key), critical=False) \
- .add_extension(x509.BasicConstraints(ca=False, path_length=None), critical=True) \
- .add_extension(x509.KeyUsage(digital_signature=True, content_commitment=False, key_encipherment=False, data_encipherment=False, key_agreement=False, key_cert_sign=False, crl_sign=False, encipher_only=False, decipher_only=False), critical=True) \
+ .add_extension(x509.BasicConstraints(ca=True, path_length=None), critical=True) \
+ .add_extension(x509.KeyUsage(digital_signature=True, content_commitment=False, key_encipherment=False, data_encipherment=False, key_agreement=False, key_cert_sign=True, crl_sign=True, encipher_only=False, decipher_only=False), critical=True) \
 .add_extension(x509.ExtendedKeyUsage((ExtendedKeyUsageOID.SERVER_AUTH, ExtendedKeyUsageOID.CLIENT_AUTH)), critical=False) \
 .sign(private_key, hashes.SHA256(), default_backend())
 with open(paths.CERT_PUB_FILE, 'wb') as f:
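Review bot: The new `BasicConstraints(ca=True, path_length=None)` together with `key_cert_sign=True` makes the key behind this certificate an unconstrained CA key, and it is the same key that carries the domain's SAN and the serverAuth usage. A client that imports the certificate as trusted would therefore also trust anything else that key signs, so a leak of the server key is no longer limited to this one host. Since the certificate only has to anchor itself, `x509.BasicConstraints(ca=True, path_length=0)` is enough. Adding `.add_extension(x509.NameConstraints(permitted_subtrees=[x509.DNSName(domain)], excluded_subtrees=None), critical=True)` would further scope issuance to the domain in the SAN, though clients differ in whether they enforce name constraints on a trust anchor. A one-line comment above the two changed lines saying why CA usage is needed (presumably so clients accept the certificate as an importable trust anchor) would help; the body of create_selfsigned_cert starts and ends outside the hunk.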