Closed ishan-rep closed 3 months ago
Tested this with basic script (where server was verifying the below extensions) and this works.
getCertUnsigned :: IO X509 getCertUnsigned = do deviceCSR <- readFile "new_csr.pem" x509Object <- readX509Req deviceCSR issuerCert <- getIssuerCert x509Cert <- makeX509FromReq x509Object issuerCert setSerialNumber x509Cert 112312 now <- getCurrentTime setNotBefore x509Cert $ addUTCTime (-100) now setNotAfter x509Cert $ addUTCTime (365 24 60 * 60) now addExtensionToX509 x509Cert 87 "CA:FALSE" addExtensionToX509 x509Cert 83 "digitalSignature, keyEncipherment" addExtensionToX509 x509Cert 85 "serverAuth, clientAuth" pure x509Cert
@vshabanov Can you review this change? Let me know if anything is not clear.
Thank you. It's now available in HsOpenSSL-0.11.7.7
Tested this with basic script (where server was verifying the below extensions) and this works.