relax cert verification constraints

we have more than just server auth!
2025-06-29 08:25:28 +02:00
parent 37713f8c16
commit 48201132bd
1 changed files with 1 additions and 1 deletions
--- a/cmd/dkl-local-server/tls-ca.go
+++ b/cmd/dkl-local-server/tls-ca.go
@ -148,7 +148,7 @@ func getUsableKeyCert(cluster, caName, name, profile, label string, req *csr.Cer
 					return
 				}

-				_, err = cert.Verify(x509.VerifyOptions{Roots: pool})
+				_, err = cert.Verify(x509.VerifyOptions{Roots: pool, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}})
 				return
 			}()
 			if err == nil {