From 574ea527437ba49f1a0fc7b445af203c788cd5a7 Mon Sep 17 00:00:00 2001
From: Robert Panzer
Date: Mon, 17 Jun 2019 11:22:04 +0200
Subject: [PATCH] Add serverAuth EKU to client certs for Service Mesh mTLS setups
---
 cert.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/cert.go b/cert.go
index ff62c0a..aa5960a 100644
--- a/cert.go
+++ b/cert.go
@@ -80,7 +80,7 @@ func (m *mkcert) makeCert(hosts []string) {
 }

 if m.client {
- tpl.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}
+ tpl.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth, x509.ExtKeyUsageServerAuth}
 } else if len(tpl.IPAddresses) > 0 || len(tpl.DNSNames) > 0 {
 tpl.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}
 }
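Review bot: In the `m.client` branch, serverAuth is now granted to every client certificate unconditionally, while the non-client branch just below only sets it when the template carries an IP or DNS SAN. This widens what a leaked client key can do: any peer trusting the local CA would also accept it as a TLS server for the names in the certificate, so the dual-use case is better kept narrow than made the default for all client certs. Consider keeping `tpl.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}` and adding the second usage only under the same guard, `if len(tpl.IPAddresses) > 0 || len(tpl.DNSNames) > 0 { tpl.ExtKeyUsage = append(tpl.ExtKeyUsage, x509.ExtKeyUsageServerAuth) }`. A short comment such as `// client certs with host SANs also get serverAuth so mesh sidecars can use one cert for both directions of mTLS` would record why the extra EKU is there. makeCert starts and ends outside this hunk, so whether other SAN types are populated on `tpl` is not visible here.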