diff --git a/pkg/hsm/hsm.go b/pkg/hsm/hsm.go index 7ec99ba..1780956 100644 --- a/pkg/hsm/hsm.go +++ b/pkg/hsm/hsm.go @@ -20,6 +20,11 @@ import ( "github.com/ThalesIgnite/crypto11" ) +var ( + // 1.3.6.1.4.1.18506.2.3.1 Class3 Policy Version 1 + oidCAcertClass3PolicyV1 = []int{1, 3, 6, 1, 4, 1, 18506, 2, 3, 1} +) + func GetRootCACertificate(p11Context *crypto11.Context, settings *config.Settings, caCert *config.CaCertificateEntry) (*x509.Certificate, crypto.Signer, error) { keyPair, err := getKeyPair(p11Context, caCert.Label, caCert.KeyInfo) if err != nil { @@ -112,7 +117,7 @@ func GetIntermediaryCACertificate( CRLDistributionPoints: []string{settings.BuildCRLUrl(caCert.Parent)}, PolicyIdentifiers: []asn1.ObjectIdentifier{ // use policy identifiers from http://wiki.cacert.org/OidAllocation - {1, 3, 6, 1, 4, 1, 18506, 2, 3, 1}, // 1.3.6.1.4.1.18506.2.3.1 Class3 Policy Version 1 + oidCAcertClass3PolicyV1, }, }, )