[gnutls-devel] GnuTLS | Certtool doesn't allow keyusage Digital signature in CA certificates (#767)

Development of GNU's TLS library gnutls-devel at lists.gnutls.org
Mon May 20 21:32:12 CEST 2019




Strictly speaking, this flag is not necessary in CA or intermediate CA certificates according to RFC 5280, as it says:
```
If the subject public key is only to be used for verifying signatures on
certificates and/or CRLs, then the digitalSignature and
nonRepudiation bits SHOULD NOT be set.
```

However, that does not prohibit it either. Thus we should allow that flag if requested.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/767#note_172430354

