Skip to content
This repository was archived by the owner on Sep 30, 2020. It is now read-only.

Commit ca88238

Browse files
davidmccormickdavidmccormick
authored
Server certificates also need to be allowed to be used for client authentication, e.g. etcd servers cross authenticate each other as both servers and clients. (#1758)
1 parent 0bbea4c commit ca88238

File tree

1 file changed

+1
-1
lines changed

1 file changed

+1
-1
lines changed

pki/x509.go

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -88,7 +88,7 @@ func NewSignedServerCertificate(cfg ServerCertConfig, key *rsa.PrivateKey, caCer
8888
NotBefore: caCert.NotBefore,
8989
NotAfter: time.Now().Add(cfg.Duration).UTC(),
9090
KeyUsage: x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature,
91-
ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
91+
ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth},
9292
}
9393
certDERBytes, err := x509.CreateCertificate(rand.Reader, &certTmpl, caCert, key.Public(), caKey)
9494
if err != nil {

0 commit comments

Comments
 (0)