Update the critical to false for SUBJECT_ALT_NAME

Refer to ek-credential spec Section 3.2.9 Subject Alternative Name, this extension should be non-critical when subject is non-empty. Signed-off-by: Ceping Sun <cepingx.sun@intel.com>
sunceping · Sep 18, 2023 · 92a1866 · 92a1866
1 parent 20d5e96
commit 92a1866
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/src/crypto/src/ek_cert.rs b/src/crypto/src/ek_cert.rs
@@ -161,7 +161,7 @@ pub fn generate_ek_cert(
         .add_extension(Extension::new(KEY_USAGE, Some(true), Some(&ku))?)?
         .add_extension(Extension::new(
             SUBJECT_ALT_NAME,
-            Some(true),
+            Some(false),
             Some(&sub_alt_name),
         )?)?
         .sign(&mut sig_buf, signer)?