EasyRSA Charm

`extendedUsage = clientAuth` is configured in server certificates

Bug #1947575 reported by Martin Kalcok on 2021-10-18

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	EasyRSA Charm	New	Undecided	Unassigned

Bug Description

According to the docstring in `configure_client_authorization()` function [1], "clientAuth" extendedUsage should be added to the server certificates only if `tls.client.authorization.required` flag is set. However I can't find anything that would check for this condition and it seems that the "clientAuth" is added to the "extendedUsage" by default.

I'm not sure if the docstring is outdated or the conditional check is missing (or it's there and I somehow missed it).

---
[1] https://github.com/charmed-kubernetes/layer-easyrsa/blob/44f635b92624be5882c70ca1544d79f5d8483e24/reactive/easyrsa.py#L134

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.