[gnutls-devel] GnuTLS | Certtool doesn't allow keyusage Digital signature in CA certificates (#767)

Development of GNU's TLS library gnutls-devel at lists.gnutls.org
Mon May 20 21:32:12 CEST 2019

Strictly speaking this flag is not necessary in CA or intermediate CA certificates according to RFC 5280, as it says:
```
If the subject public key is only to be used for verifying signatures on
certificates and/or CRLs, then the digitalSignature and
nonRepudiation bits SHOULD NOT be set.
```

However, that does not prohibit it either. Thus we should allow that flag if requested.
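The SHOULD NOT versus hard-failure distinction made above, as an added example that is not part of the original email or of GnuTLS: a small check that decodes a keyUsage BIT STRING and reports digitalSignature on a CA key as an advisory rather than an error. The function names are hypothetical, the DER samples are constructed by hand, and the keyCertSign/cA rule used as the contrasting MUST comes from RFC 5280 section 4.2.1.3, not from the email.

```python
# Added example: keyUsage named bits in RFC 5280 order (section 4.2.1.3).
KEY_USAGE_BITS = (
    "digitalSignature", "nonRepudiation", "keyEncipherment",
    "dataEncipherment", "keyAgreement", "keyCertSign", "cRLSign",
    "encipherOnly", "decipherOnly",
)

def decode_key_usage(der: bytes) -> set:
    """Decode a DER BIT STRING (short-form length) into keyUsage bit names."""
    if len(der) < 4 or der[0] != 0x03 or der[1] > 0x7F or der[1] != len(der) - 2:
        raise ValueError("not a short-form DER BIT STRING with content")
    unused, body = der[2], der[3:]
    if unused > 7:
        raise ValueError("invalid unused-bit count")
    total_bits = len(body) * 8 - unused
    names = set()
    for i, name in enumerate(KEY_USAGE_BITS):
        # Bit 0 is the most significant bit of the first content octet.
        if i < total_bits and body[i // 8] & (0x80 >> (i % 8)):
            names.add(name)
    return names

def check_ca_key_usage(der: bytes, is_ca: bool):
    """Return (errors, advisories): MUST violations versus SHOULD NOT notes."""
    usage = decode_key_usage(der)
    errors, advisories = [], []
    # MUST-level rule: keyCertSign requires the basicConstraints cA flag.
    if "keyCertSign" in usage and not is_ca:
        errors.append("keyCertSign set without basicConstraints cA")
    # SHOULD NOT-level rule quoted in the email: report it, do not reject.
    extra = usage & {"digitalSignature", "nonRepudiation"}
    if is_ca and usage & {"keyCertSign", "cRLSign"} and extra:
        advisories.append("SHOULD NOT on a cert/CRL-only key: "
                          + ", ".join(sorted(extra)))
    return errors, advisories

# Constructed sample values (hand-encoded, not taken from a real certificate).
CA_PLAIN = bytes.fromhex("03020106")     # keyCertSign, cRLSign
CA_WITH_SIG = bytes.fromhex("03020186")  # digitalSignature, keyCertSign, cRLSign

if __name__ == "__main__":
    for label, der in (("plain CA", CA_PLAIN), ("CA + digitalSignature", CA_WITH_SIG)):
        print(label, sorted(decode_key_usage(der)), check_ca_key_usage(der, is_ca=True))
```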
