wbond / certvalidator

Python library for validating X.509 certificates and paths
MIT License

validate_usage() fails when cert doesn't have keyUsage set #24

Open kwatsen opened 4 years ago

kwatsen commented 4 years ago

If KeyUsage extension is not set, then valid implementations behave as if all the keyUsage bits were set, but validate_usage() fails. I haven't tested, but the same is likely true for the extended_key_usage parameter.

FWIW, there is no equivalent to extended_optional for the keyUsage, which seems valid given the name of the method. That said, for when only wanting to test path validation (not usage), it would be nice if _validate_path() were not "hidden" (i.e., starting with '_')...
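Added example, not part of the issue and not certvalidator's code: a small model of the two policies the report contrasts, where an absent keyUsage or extended key usage extension is either treated as no restriction or as a failure. The function name, the `absent_means_unrestricted` switch, the usage strings and the reading of `extended_optional` as "tolerate a missing extended key usage extension" are assumptions made for illustration.

```python
from typing import Iterable, List, Optional, Set

# Assumed label for the anyExtendedKeyUsage purpose (constructed for this example).
ANY_EKU = "any_extended_key_usage"


def missing_usages(
    cert_key_usage: Optional[Set[str]],
    cert_eku: Optional[Set[str]],
    key_usage: Iterable[str],
    extended_key_usage: Iterable[str] = (),
    extended_optional: bool = False,
    absent_means_unrestricted: bool = True,
) -> List[str]:
    """Return the required usages that the certificate does not permit.

    None for cert_key_usage or cert_eku means the extension is absent,
    which is distinct from an extension that is present but empty.
    """
    missing: List[str] = []

    if cert_key_usage is None:
        # Absent keyUsage: no restriction (lenient), or every required
        # bit is reported missing (strict, the behaviour in the report).
        if not absent_means_unrestricted:
            missing.extend(sorted(set(key_usage)))
    else:
        # Present keyUsage: every required bit must be asserted.
        missing.extend(sorted(set(key_usage) - cert_key_usage))

    required_eku = set(extended_key_usage)
    if cert_eku is None:
        # Absent EKU passes only if the policy or the caller allows it.
        if not (extended_optional or absent_means_unrestricted):
            missing.extend(sorted(required_eku))
    elif ANY_EKU not in cert_eku:
        # Present EKU without the "any" purpose: each purpose must be listed.
        missing.extend(sorted(required_eku - cert_eku))

    return missing
```

An empty list means the usage check passes; keeping "absent" (`None`) separate from "present but empty" (`set()`) is what lets the two policies be told apart.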