From: Wolfgang Apolinarski <wolfgang.apolinarski@uni-due.de>
Date: Sat, 18 Apr 2015 13:15:45 +0000 (+0200)
Subject: Added clientAuth to EKU of client certificate. Fixed the comment.
X-Git-Tag: v2.17-core91~125
X-Git-Url: http://git.ipfire.org/?p=ipfire-2.x.git;a=commitdiff_plain;h=ab2d15486b4f874ebd832dfce84081031f42b7c5

Added clientAuth to EKU of client certificate. Fixed the comment.
---

diff --git a/html/cgi-bin/vpnmain.cgi b/html/cgi-bin/vpnmain.cgi
index b0041ef422..4138f4dea6 100644
--- a/html/cgi-bin/vpnmain.cgi
+++ b/html/cgi-bin/vpnmain.cgi
@@ -1673,7 +1673,7 @@ END
 	    (my $city = $cgiparams{'CERT_CITY'}) =~ s/^\s*$/\./;
 	    (my $state = $cgiparams{'CERT_STATE'}) =~ s/^\s*$/\./;
 
-	    # Create the Host certificate request
+	    # Create the Client certificate request
 	    &General::log("ipsec", "Creating a cert...");
 
 	    if (open(STDIN, "-|")) {
@@ -1700,7 +1700,7 @@ END
 		exit (0);
 	    }
 	    
-	    # Sign the host certificate request
+	    # Sign the client certificate request
 	    &General::log("ipsec", "Signing the cert $cgiparams{'NAME'}...");
 
 	    #No easy way for specifying the contain of subjectAltName without writing a config file...
@@ -1709,6 +1709,7 @@ END
 	    basicConstraints=CA:FALSE
 	    nsComment="OpenSSL Generated Certificate"
 	    subjectKeyIdentifier=hash
+	    extendedKeyUsage=clientAuth
 	    authorityKeyIdentifier=keyid,issuer:always
 END
 ;