From a58a3a3bea07178ba6c61f265e0dd6d9d43a186d Mon Sep 17 00:00:00 2001
From: Andrey Smirnov
Date: Wed, 27 Feb 2019 01:06:57 +0300
Subject: [PATCH] Provision CA extension in CA cert

Without that, on modern OpenSSL libs this gives an error:
```
verify error:num=24:invalid CA certificate
```
---
 bin/create_certificates.py | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/bin/create_certificates.py b/bin/create_certificates.py
index 852033d..0bd1569 100755
--- a/bin/create_certificates.py
+++ b/bin/create_certificates.py
@@ -31,6 +31,8 @@ def create_self_signed_certificate(subject_name, private_key, days_valid=365):
 private_key.public_key()
 ).serial_number(
 x509.random_serial_number()
+ ).add_extension(
+ x509.BasicConstraints(ca=True, path_length=None), critical=True
 ).not_valid_before(
 datetime.datetime.utcnow()
 ).not_valid_after(
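Review bot: The added `x509.BasicConstraints(ca=True, path_length=None)` leaves the chain depth unbounded, so a subordinate CA certificate signed by this root could in turn issue further CAs; if this root only signs end-entity certificates (not visible from the hunk), `x509.BasicConstraints(ca=True, path_length=0), critical=True` is the least-privilege form. The visible part of the builder chain also adds no `x509.KeyUsage` extension, and a CA certificate normally carries one with `key_cert_sign=True`, marked critical, so the key's purpose is pinned to certificate signing. Because the extension is added inside `create_self_signed_certificate`, every caller of that function now gets a CA certificate, which is worth confirming against the other call sites. The function body starts before and continues past this hunk.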