
Commit 0d93145

authored
Merge pull request #5133 from mdmower/ext-key-usage
feat: Support manually defining extended key usage in CSR
2 parents fe4113d + 957bbab commit 0d93145


1 file changed

+13
-1
lines changed


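--- a/acme.sh
+++ b/acme.sh
@@ -1243,7 +1243,14 @@ _createcsr() {
 _debug2 csr "$csr"
 _debug2 csrconf "$csrconf"
 
-printf "[ req_distinguished_name ]\n[ req ]\ndistinguished_name = req_distinguished_name\nreq_extensions = v3_req\n[ v3_req ]\nextendedKeyUsage=serverAuth,clientAuth\n" >"$csrconf"
+printf "[ req_distinguished_name ]\n[ req ]\ndistinguished_name = req_distinguished_name\nreq_extensions = v3_req\n[ v3_req ]" >"$csrconf"
+
+if [ "$Le_ExtKeyUse" ]; then
+_savedomainconf Le_ExtKeyUse "$Le_ExtKeyUse"
+printf "\nextendedKeyUsage=$Le_ExtKeyUse\n" >>"$csrconf"
+else
+printf "\nextendedKeyUsage=serverAuth,clientAuth\n" >>"$csrconf"
+fi
 
 if [ "$acmeValidationv1" ]; then
 domainlist="$(_idn "$domainlist")"
@@ -7007,6 +7014,7 @@ Parameters:
 --post-hook <command> Command to be run after attempting to obtain/renew certificates. Runs regardless of whether obtain/renew succeeded or failed.
 --renew-hook <command> Command to be run after each successfully renewed certificate.
 --deploy-hook <hookname> The hook file to deploy cert
+--extended-key-usage <string> Manually define the CSR extended key usage value. The default is serverAuth,clientAuth.
 --ocsp, --ocsp-must-staple Generate OCSP-Must-Staple extension.
 --always-force-new-domain-key Generate new domain key on renewal. Otherwise, the domain key is not changed by default.
 --auto-upgrade [0|1] Valid for '--upgrade' command, indicating whether to upgrade automatically in future. Defaults to 1 if argument is omitted.
@@ -7698,6 +7706,10 @@ _process() {
 _deploy_hook="$_deploy_hook$2,"
 shift
 ;;
+--extended-key-usage)
+Le_ExtKeyUse="$2"
+shift
+;;
 --ocsp-must-staple | --ocsp)
 Le_OCSP_Staple="1"
 ;;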
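Review bot: In the `_createcsr` hunk, the new `printf "\nextendedKeyUsage=$Le_ExtKeyUse\n" >>"$csrconf"` places the option value inside the printf format string, so a `%` or backslash sequence in it is interpreted, and an embedded newline would write extra lines into the `[ v3_req ]` section of the OpenSSL request config. Pass the value as data instead, `printf "\nextendedKeyUsage=%s\n" "$Le_ExtKeyUse" >>"$csrconf"`, and reject anything that is not a comma-separated list of usage names or OIDs before `_savedomainconf` stores it, since the saved value is presumably reused on later renewals (the read path is not visible here). In the `_process` hunk, `Le_ExtKeyUse="$2"` is assigned without checking that an argument actually follows the option, the same as the neighbouring `--deploy-hook` arm. Both `_createcsr` and `_process` start and end outside the hunks shown.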
