From 3618806fe36159b877a77ced032f1620fe653a03 Mon Sep 17 00:00:00 2001
From: Erich Eckner <git@eckner.net>
Date: Thu, 13 Feb 2020 06:43:17 +0100
Subject: etc/ca-ssl.conf: updated according to email on
 openssl-users@openssl.org

---
 etc/ca-ssl.conf.in | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/etc/ca-ssl.conf.in b/etc/ca-ssl.conf.in
index ad92ff5..7f6a190 100644
--- a/etc/ca-ssl.conf.in
+++ b/etc/ca-ssl.conf.in
@@ -101,13 +101,13 @@ emailAddress            = optional
 # create.
 
 [ root_ca_ext ]
-keyUsage                = critical,keyCertSign,cRLSign
-basicConstraints        = critical,CA:true
+keyUsage                = critical,keyCertSign,cRLSign,digitalSignature
+basicConstraints        = critical,CA:true,pathlen:1
 subjectKeyIdentifier    = hash
 authorityKeyIdentifier  = keyid:always
 
 [ signing_ca_ext ]
-keyUsage                = critical,keyCertSign,cRLSign
+keyUsage                = critical,keyCertSign,cRLSign,digitalSignature
 basicConstraints        = critical,CA:true,pathlen:0
 subjectKeyIdentifier    = hash
 authorityKeyIdentifier  = keyid:always
-- 
cgit v1.2.3-54-g00ecf