author: Joe Crayne <oh.hellojoe@gmail.com>

author: Joe Crayne <oh.hellojoe@gmail.com>
Bug 3966:Add KeyEncipherment when ssl-bump substitues RSA for EC.

Libnss3, which is used by Firefox to verify the certificate chain, has
different requirements for RSA keys than it does for EC keys.  In particular,
RSA keys with the keyUsage extension, must set the KeyEncipherment flag.

I've attached a patch that will enable KeyEncipherment whenever ssl-bump
attempts to substitute an RSA key for an EC key that had a keyUsage extension.

This fix was brought to you by the Samizdat project.
http://samizdat.childrenofmay.org