[gnutls-devel] GnuTLS | Certtool doesn't allow keyusage Digital signature in CA certificates (#767)
Development of GNU's TLS library
gnutls-devel at lists.gnutls.org
Mon May 20 21:32:12 CEST 2019
Strictly speaking, this flag is not necessary in CA or intermediate CA certificates according to RFC 5280, as it says:
```
If the subject public key is only to be used for verifying signatures on
certificates and/or CRLs, then the digitalSignature and
nonRepudiation bits SHOULD NOT be set.
```
However, that does not prohibit it either. Thus we should allow that flag if requested.
--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/767#note_172430354
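
An added example, not part of the original message and not GnuTLS or certtool code: a Python check that decodes the DER-encoded KeyUsage value of a CA certificate and treats digitalSignature and nonRepudiation as permitted, reporting them only as notes, in line with the SHOULD NOT wording quoted above. The function names and the hex inputs are constructed for illustration.

```python
# Named bits of the X.509 KeyUsage BIT STRING, in bit order (bit 0 first).
KEY_USAGE_BITS = [
    "digitalSignature", "nonRepudiation", "keyEncipherment",
    "dataEncipherment", "keyAgreement", "keyCertSign",
    "cRLSign", "encipherOnly", "decipherOnly",
]

def decode_key_usage(der):
    """Return the names of the bits set in a DER BIT STRING (KeyUsage value)."""
    if len(der) < 3 or der[0] != 0x03:
        raise ValueError("not a DER BIT STRING")
    length = der[1]
    if length >= 0x80 or length != len(der) - 2:
        raise ValueError("unexpected or truncated length")
    unused, payload = der[2], der[3:]
    if unused > 7 or (not payload and unused):
        raise ValueError("invalid unused-bits count")
    nbits = len(payload) * 8 - unused
    # Bit 0 is the most significant bit of the first payload byte.
    return [name for i, name in enumerate(KEY_USAGE_BITS)
            if i < nbits and payload[i // 8] & (0x80 >> (i % 8))]

def review_ca_key_usage(der):
    """Classify a CA certificate's KeyUsage: hard errors versus advisory notes."""
    usage = decode_key_usage(der)
    errors, notes = [], []
    # A key that signs certificates needs keyCertSign when KeyUsage is present.
    if "keyCertSign" not in usage:
        errors.append("keyCertSign missing: key cannot be used to sign certificates")
    # SHOULD NOT is advisory and conditional, so these bits are never rejected.
    for bit in ("digitalSignature", "nonRepudiation"):
        if bit in usage:
            notes.append(bit + " set: allowed; discouraged only when the key is "
                         "used solely to verify certificates and/or CRLs")
    return {"usage": usage, "errors": errors, "notes": notes}

if __name__ == "__main__":
    # Constructed sample values: KeyUsage extension contents as hex.
    samples = {
        "CA, cert/CRL signing only": "03020106",
        "CA, plus digitalSignature": "03020186",
        "digitalSignature only": "03020780",
    }
    for label, hexval in samples.items():
        print(label, review_ca_key_usage(bytes.fromhex(hexval)))
```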