add digitalSignature usage to the key (#96)

primait · Oct 17, 2024 · a80a173 · a80a173
1 parent 0b6584f
commit a80a173
Show file tree

Hide file tree

Showing 4 changed files with 22 additions and 5 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -10,6 +10,14 @@ and this project adheres to
 
 ---
 
+## [0.8.1] - 2024-10-17
+
+# Fixed
+
+- Chrome ERR_SSL_KEY_USAGE_INCOMPATIBLE due to the key usage not being configured.
+
+---
+
 ## [0.8.0] - 2024-08-28
 
 - Improve documentation about how to configure Localauth0 in docker.
@@ -184,7 +192,9 @@ Note: images temporairly use the public.ecr.aws/c6i9l4r6/localauth0 registry.
 
 - First release 🎉
 
-[Unreleased]: https://github.com/primait/localauth0/compare/0.8.0...HEAD
+
+[Unreleased]: https://github.com/primait/localauth0/compare/0.8.1...HEAD
+[0.8.1]: https://github.com/primait/localauth0/compare/0.8.0...0.8.1
 [0.8.0]: https://github.com/primait/localauth0/compare/0.7.2...0.8.0
 [0.7.2]: https://github.com/primait/localauth0/compare/0.7.1...0.7.2
 [0.7.1]: https://github.com/primait/localauth0/compare/0.7.0...0.7.1

diff --git a/Cargo.toml b/Cargo.toml
@@ -1,7 +1,7 @@
 [package]
 edition = "2021"
 name = "localauth0"
-version = "0.8.0"
+version = "0.8.1"
 
 # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
 

diff --git a/README.md b/README.md
@@ -27,7 +27,7 @@ tenant and test it offline for "real".
 In order to run localauth0 docker image execute the following:
 
 ```shell
-docker run -d -p 3000:3000 public.ecr.aws/primaassicurazioni/localauth0:0.8.0
+docker run -d -p 3000:3000 public.ecr.aws/primaassicurazioni/localauth0:0.8.1
 ```
 
 By default, the container exposes an http server on the port 3000 and an https
@@ -247,7 +247,7 @@ Add this snippet to your `docker-compose.yml` file and reference it in your app
 
 ```yaml
 auth0:
-  image: public.ecr.aws/primaassicurazioni/localauth0:0.8.0
+  image: public.ecr.aws/primaassicurazioni/localauth0:0.8.1
   healthcheck:
     test: ["CMD", "/localauth0", "healthcheck"]
   ports:

diff --git a/src/model/certificates.rs b/src/model/certificates.rs
@@ -38,7 +38,14 @@ pub fn generate_certificate(key_pair: &PKey<Private>) -> Result<X509, Error> {
     cert_builder.set_not_after(&not_after)?;
 
     cert_builder.append_extension(BasicConstraints::new().critical().ca().build()?)?;
-    cert_builder.append_extension(KeyUsage::new().critical().key_cert_sign().crl_sign().build()?)?;
+    cert_builder.append_extension(
+        KeyUsage::new()
+            .critical()
+            .key_cert_sign()
+            .crl_sign()
+            .digital_signature()
+            .build()?,
+    )?;
 
     let subject_key_identifier = SubjectKeyIdentifier::new().build(&cert_builder.x509v3_context(None, None))?;
     cert_builder.append_extension(subject_key_identifier)?;