additional debugging for basic constraints

2024-08-22 18:06:09 -07:00
parent e68d22337b
commit c761d98b82
1 changed files with 8 additions and 0 deletions
--- a/cmd/certdump/certdump.go
+++ b/cmd/certdump/certdump.go
@@ -110,6 +110,14 @@ func showBasicConstraints(cert *x509.Certificate) {

 	if cert.IsCA {
 		fmt.Printf(", is a CA certificate")
+		if !cert.BasicConstraintsValid {
+			fmt.Printf(" (basic constraint failure)")
+		}
+	} else {
+		fmt.Printf("is not a CA certificate")
+		if cert.KeyUsage&x509.KeyUsageKeyEncipherment != 0 {
+			fmt.Printf(" (key encipherment usage enabled!)")
+		}
 	}

 	if (cert.MaxPathLen == 0 && cert.MaxPathLenZero) || (cert.MaxPathLen > 0) {