Added clientAuth to EKU of client certificate. Fixed the comment.

author Wolfgang Apolinarski <wolfgang.apolinarski@uni-due.de>

Sat, 18 Apr 2015 13:15:45 +0000 (15:15 +0200)

committer Michael Tremer <michael.tremer@ipfire.org>

Sat, 18 Apr 2015 21:32:14 +0000 (23:32 +0200)
author Wolfgang Apolinarski <wolfgang.apolinarski@uni-due.de>
Sat, 18 Apr 2015 13:15:45 +0000 (15:15 +0200)
committer Michael Tremer <michael.tremer@ipfire.org>
Sat, 18 Apr 2015 21:32:14 +0000 (23:32 +0200)
diff --git a/html/cgi-bin/vpnmain.cgi b/html/cgi-bin/vpnmain.cgi

index b0041ef42255eb90cd5e3cb005762067050b8790..4138f4dea674da80233024578b164500ff09c1f8 100644 (file)
--- a/html/cgi-bin/vpnmain.cgi
+++ b/html/cgi-bin/vpnmain.cgi
@@ -1673,7 +1673,7 @@ END
             (my $city = $cgiparams{'CERT_CITY'}) =~ s/^\s*$/\./;
             (my $state = $cgiparams{'CERT_STATE'}) =~ s/^\s*$/\./;
  
-           # Create the Host certificate request
+           # Create the Client certificate request
             &General::log("ipsec", "Creating a cert...");
  
             if (open(STDIN, "-|")) {
@@ -1700,7 +1700,7 @@ END
                 exit (0);
             }
             
-           # Sign the host certificate request
+           # Sign the client certificate request
             &General::log("ipsec", "Signing the cert $cgiparams{'NAME'}...");
  
             #No easy way for specifying the contain of subjectAltName without writing a config file...
@@ -1709,6 +1709,7 @@ END
             basicConstraints=CA:FALSE
             nsComment="OpenSSL Generated Certificate"
             subjectKeyIdentifier=hash
+           extendedKeyUsage=clientAuth
             authorityKeyIdentifier=keyid,issuer:always
  END
  ;
author	Wolfgang Apolinarski <wolfgang.apolinarski@uni-due.de>
	Sat, 18 Apr 2015 13:15:45 +0000 (15:15 +0200)
committer	Michael Tremer <michael.tremer@ipfire.org>
	Sat, 18 Apr 2015 21:32:14 +0000 (23:32 +0200)