amazon-archives / certlint

X.509 certificate linter
Apache License 2.0
157 stars 42 forks

Expand ku error #39

Closed mpalmer closed 7 years ago

mpalmer commented 8 years ago

Fixes #10. Untested, because I don't have an obviously-broken cert handy to make sure it DTRT.

mpalmer commented 7 years ago

Fixed+rebased commit pushed. As a bonus, I also pulled down the erroneous cert mentioned in the bug report and made sure it works, this time.

robstradling commented 7 years ago

This fix doesn't seem to be working correctly.

https://crt.sh/?id=12648791&opt=cablint says "ERROR: Unallowed key usage for RSA public key (Non Repudiation, Certificate Sign, CRL Sign)", but the cert's key usage extension doesn't have any of those key usage bits enabled.

It seems to be showing a list of permitted key usage bits that aren't in the cert's key usage extension, rather than a list of non-permitted key usage bits that are in the cert's key usage extension.
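The mix-up robstradling describes is a set-difference in the wrong direction: `allowed - present` lists permitted bits the cert lacks, while the check wants `present - allowed`, the bits the cert asserts that the key type does not permit. The Ruby below is an added illustration, not certlint's own code; it decodes a KeyUsage BIT STRING from DER, shows both directions side by side, and uses an assumed allowed set for RSA keys (`RSA_ALLOWED_KU`) and constructed sample extension values, none of which are taken from the project.

```ruby
# Added example (not certlint code): decode a KeyUsage BIT STRING and
# compute which asserted bits are not permitted for the key type.

# Bit positions from RFC 5280 section 4.2.1.3, in order.
KEY_USAGE_BITS = %w[
  digitalSignature nonRepudiation keyEncipherment dataEncipherment
  keyAgreement keyCertSign cRLSign encipherOnly decipherOnly
].freeze

# Assumed permitted set for an RSA public key (an assumption for this
# example; certlint's real table may differ).
RSA_ALLOWED_KU = %w[
  digitalSignature nonRepudiation keyEncipherment dataEncipherment
  keyCertSign cRLSign
].freeze

# Decode the DER encoding of a KeyUsage extension value (tag 0x03, one
# length byte, unused-bits byte, then the bit data) into bit names.
def decode_key_usage(der)
  bytes = der.bytes
  raise ArgumentError, "not a BIT STRING" unless bytes[0] == 0x03
  len = bytes[1]
  raise ArgumentError, "bad length" unless len >= 1 && bytes.length == 2 + len
  unused = bytes[2]
  data = bytes[3..-1]
  total_bits = data.length * 8 - unused
  names = []
  total_bits.times do |i|
    byte = data[i / 8]
    bit_set = ((byte >> (7 - (i % 8))) & 1) == 1
    names << (KEY_USAGE_BITS[i] || "bit#{i}") if bit_set
  end
  names
end

# The wrong direction: permitted bits that the cert does not assert.
# This is what the crt.sh output quoted above was effectively reporting.
def buggy_unallowed(present, allowed)
  allowed - present
end

# The intended check: bits the cert asserts that are not permitted.
def unallowed_key_usages(present, allowed)
  present - allowed
end

# Constructed sample values (not from any real certificate):
# digitalSignature + keyEncipherment -> bits 0 and 2 -> 0xA0, 5 unused bits
SAMPLE_KU_DER = "\x03\x02\x05\xA0".b
# digitalSignature + keyAgreement -> bits 0 and 4 -> 0x88, 3 unused bits
SAMPLE_KA_DER = "\x03\x02\x03\x88".b

if __FILE__ == $PROGRAM_NAME
  [SAMPLE_KU_DER, SAMPLE_KA_DER].each do |der|
    present = decode_key_usage(der)
    puts "present:   #{present.join(', ')}"
    puts "buggy:     #{buggy_unallowed(present, RSA_ALLOWED_KU).join(', ')}"
    puts "unallowed: #{unallowed_key_usages(present, RSA_ALLOWED_KU).join(', ')}"
  end
end
```

For the first sample the buggy direction reports four permitted-but-absent bits even though the cert is fine, while the correct direction reports nothing; for the second sample only the correct direction flags `keyAgreement`.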

pzb commented 7 years ago

Fixed the logic