From 9f583c670fe42e813e043ddfb3543278646c6a7b Mon Sep 17 00:00:00 2001
From: Filippo Valsorda <filippo@golang.org>
Date: Tue, 27 Oct 2020 12:25:23 +0100
Subject: [PATCH] Drop codeSigning EKU from certificates with email SANs

Unclear how those are correlated.
If it breaks something we can put it back.

Fixes #303
---
 cert.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/cert.go b/cert.go
index 34e9e80..457ec2f 100644
--- a/cert.go
+++ b/cert.go
@@ -93,7 +93,7 @@ func (m *mkcert) makeCert(hosts []string) {
 		tpl.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}
 	}
 	if len(tpl.EmailAddresses) > 0 {
-		tpl.ExtKeyUsage = append(tpl.ExtKeyUsage, x509.ExtKeyUsageCodeSigning, x509.ExtKeyUsageEmailProtection)
+		tpl.ExtKeyUsage = append(tpl.ExtKeyUsage, x509.ExtKeyUsageEmailProtection)
 	}
 
 	// IIS (the main target of PKCS #12 files), only shows the deprecated