From ab2d15486b4f874ebd832dfce84081031f42b7c5 Mon Sep 17 00:00:00 2001
From: Wolfgang Apolinarski <wolfgang.apolinarski@uni-due.de>
Date: Sat, 18 Apr 2015 15:15:45 +0200
Subject: [PATCH] Added clientAuth to EKU of client certificate. Fixed the
 comment.

---
 html/cgi-bin/vpnmain.cgi | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/html/cgi-bin/vpnmain.cgi b/html/cgi-bin/vpnmain.cgi
index b0041ef422..4138f4dea6 100644
--- a/html/cgi-bin/vpnmain.cgi
+++ b/html/cgi-bin/vpnmain.cgi
@@ -1673,7 +1673,7 @@ END
 	    (my $city = $cgiparams{'CERT_CITY'}) =~ s/^\s*$/\./;
 	    (my $state = $cgiparams{'CERT_STATE'}) =~ s/^\s*$/\./;
 
-	    # Create the Host certificate request
+	    # Create the Client certificate request
 	    &General::log("ipsec", "Creating a cert...");
 
 	    if (open(STDIN, "-|")) {
@@ -1700,7 +1700,7 @@ END
 		exit (0);
 	    }
 	    
-	    # Sign the host certificate request
+	    # Sign the client certificate request
 	    &General::log("ipsec", "Signing the cert $cgiparams{'NAME'}...");
 
 	    #No easy way for specifying the contain of subjectAltName without writing a config file...
@@ -1709,6 +1709,7 @@ END
 	    basicConstraints=CA:FALSE
 	    nsComment="OpenSSL Generated Certificate"
 	    subjectKeyIdentifier=hash
+	    extendedKeyUsage=clientAuth
 	    authorityKeyIdentifier=keyid,issuer:always
 END
 ;
-- 
2.39.2