x509: Also encode extendedKeyUsage in cert requests if there are no SANs or certifica...

Probably never was an issue in practice as most certificates contain at
least one SAN.

diff --git a/src/libstrongswan/plugins/x509/x509_pkcs10.c b/src/libstrongswan/plugins/x509/x509_pkcs10.c
index dcf431ea83851639413ab26d739c37661dc19f07..d3e6104ae18d008fc26f16f95edbbd907ca4118e 100644 (file)
--- a/src/libstrongswan/plugins/x509/x509_pkcs10.c
+++ b/src/libstrongswan/plugins/x509/x509_pkcs10.c
@@ -337,7 +337,7 @@ static bool generate(private_x509_pkcs10_t *cert, private_key_t *sign_key,
        extendedKeyUsage = x509_generate_eku_extension(cert->flags);
 
        /* encode extensionRequest attribute */
-       if (subjectAltNames.ptr || certTypeExt.ptr)
+       if (subjectAltNames.ptr || certTypeExt.ptr || extendedKeyUsage.ptr)
        {
                extensionRequest = asn1_wrap(ASN1_SEQUENCE, "mm",
                                asn1_build_known_oid(OID_EXTENSION_REQUEST),