Browse Source

Merge pull request #5133 from mdmower/ext-key-usage

feat: Support manually defining extended key usage in CSR
pull/5197/head
neil 6 months ago
committed by GitHub
parent
commit
0d93145834
No known key found for this signature in database GPG Key ID: B5690EEEBB952194
  1. 14
      acme.sh

14
acme.sh

@ -1243,7 +1243,14 @@ _createcsr() {
_debug2 csr "$csr"
_debug2 csrconf "$csrconf"
printf "[ req_distinguished_name ]\n[ req ]\ndistinguished_name = req_distinguished_name\nreq_extensions = v3_req\n[ v3_req ]\nextendedKeyUsage=serverAuth,clientAuth\n" >"$csrconf"
printf "[ req_distinguished_name ]\n[ req ]\ndistinguished_name = req_distinguished_name\nreq_extensions = v3_req\n[ v3_req ]" >"$csrconf"
if [ "$Le_ExtKeyUse" ]; then
_savedomainconf Le_ExtKeyUse "$Le_ExtKeyUse"
printf "\nextendedKeyUsage=$Le_ExtKeyUse\n" >>"$csrconf"
else
printf "\nextendedKeyUsage=serverAuth,clientAuth\n" >>"$csrconf"
fi
if [ "$acmeValidationv1" ]; then
domainlist="$(_idn "$domainlist")"
@ -7007,6 +7014,7 @@ Parameters:
--post-hook <command> Command to be run after attempting to obtain/renew certificates. Runs regardless of whether obtain/renew succeeded or failed.
--renew-hook <command> Command to be run after each successfully renewed certificate.
--deploy-hook <hookname> The hook file to deploy cert
--extended-key-usage <string> Manually define the CSR extended key usage value. The default is serverAuth,clientAuth.
--ocsp, --ocsp-must-staple Generate OCSP-Must-Staple extension.
--always-force-new-domain-key Generate new domain key on renewal. Otherwise, the domain key is not changed by default.
--auto-upgrade [0|1] Valid for '--upgrade' command, indicating whether to upgrade automatically in future. Defaults to 1 if argument is omitted.
@ -7698,6 +7706,10 @@ _process() {
_deploy_hook="$_deploy_hook$2,"
shift
;;
--extended-key-usage)
Le_ExtKeyUse="$2"
shift
;;
--ocsp-must-staple | --ocsp)
Le_OCSP_Staple="1"
;;

Loading…
Cancel
Save