From 85a8733284337756df4c8a04a816aa2bfb5a847f Mon Sep 17 00:00:00 2001
From: Rasmus Dahlberg <rasmus.dahlberg@kau.se>
Date: Wed, 4 Nov 2020 12:51:27 +0100
Subject: moved extended key usage to log parameters

---
 x509.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'x509.go')

diff --git a/x509.go b/x509.go
index 16cc8c6..e0fa3bc 100644
--- a/x509.go
+++ b/x509.go
@@ -172,7 +172,7 @@ func buildChainFromB64List(lp *LogParameters, b64chain []string) ([]*x509.Certif
 	opts := x509.VerifyOptions{
 		Roots:         lp.AnchorPool,
 		Intermediates: intermediatePool,
-		KeyUsages:     []x509.ExtKeyUsage{x509.ExtKeyUsageAny}, // TODO: move to ld
+		KeyUsages:     lp.KeyUsage, // no extended key usage passes by default
 	}
 
 	chains, err := certificate.Verify(opts)
-- 
cgit v1.2.3