Closed mpalmer closed 7 years ago
Fixed+rebased commit pushed. As a bonus, I also pulled down the erroneous cert mentioned in the bug report and made sure it works, this time.
This fix doesn't seem to be working correctly.
https://crt.sh/?id=12648791&opt=cablint says "ERROR: Unallowed key usage for RSA public key (Non Repudiation, Certificate Sign, CRL Sign)", but the cert's key usage extension doesn't have any of those key usage bits enabled.
It seems to be showing a list of permitted key usage bits that aren't in the cert's key usage extension, rather than a list of non-permitted key usage bits that are in the cert's key usage extension.
Fixed the logic
Fixes #10. Untested, because I don't have an obviously-broken cert handy to make sure it DTRT.