Description: New ruby-certificate-authority fails tests unless proper x509v3 extension is added for client certs
Author: Micah Anderson <micah@debian.org>
Forwarded: Yes
Last-Update: 2016-12-05
Index: reel/spec/support/create_certs.rb
===================================================================
--- reel.orig/spec/support/create_certs.rb	2016-12-05 21:22:04.111496054 -0500
+++ reel/spec/support/create_certs.rb	2016-12-05 21:23:33.401298728 -0500
@@ -48,7 +48,8 @@
 client_cert.serial_number.number = 1
 client_cert.key_material.generate_key
 client_cert.parent = ca
-client_cert.sign!
+
+client_cert.sign! 'extensions' => { 'keyUsage' => { 'usage' => %w(digitalSignature) } }
 
 client_cert_path = File.join(certs_dir, 'client.crt')
 client_key_path  = File.join(certs_dir, 'client.key')
