milliways-infosec/AikidoSec-safe-chain
7
0
Fork 0
mirror of https://github.com/AikidoSec/safe-chain.git synced 2026-05-26 20:20:49 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Merge branch 'main' into package-min-age

Browse source
This commit is contained in:
Sander Declerck 2025-11-24 14:15:55 +01:00
commit a04bea26da
No known key found for this signature in database
20 changed files with 770 additions and 112 deletions
Download patch file Download diff file Expand all files Collapse all files

10
packages/safe-chain/src/registryProxy/certUtils.js
View file

@ -48,6 +48,16 @@ export function generateCertForHost(hostname) {
digitalSignature: true,
keyEncipherment: true,
},
{
/*
extKeyUsage serverAuth is required for TLS server authentication.
This is especially important for Python venv environments, which use their own
certificate validation logic and will reject certificates lacking the serverAuth EKU.
Adding serverAuth does not impact other usages
*/
name: "extKeyUsage",
serverAuth: true,
},
]);
cert.sign(ca.privateKey, forge.md.sha256.create());