acme: set correct KeyUsage and ExtKeyUsage
A certificate must have the Server Auth Extended Key Usage to be used
for TLS, and an ECDSA certificate must have the Digital Signature Key
Usage to be used at all (you can't encrypt to an ECDSA key).
crypto/tls ignores (E)KUs when serving certificates, and most browsers
do as well, so it works, but OpenSSL would refuse to serve these
certificates, and clients would be allowed to reject them.
Run-TryBot: Alex Vaghin <email@example.com>
TryBot-Result: Gobot Gobot <firstname.lastname@example.org>
Reviewed-by: Alex Vaghin <email@example.com>
1 file changed