From bdf01d33c4fe11d3d0959139f7825afde7bb917c Mon Sep 17 00:00:00 2001
From: Aaron Huslage <huslage@gmail.com>
Date: Tue, 5 May 2015 16:53:23 -0400
Subject: [PATCH] Generate more generic certificates that can have other uses.

Added `Digital Signature, Key Encipherment, Key Agreement` Key Usage values.

Signed-off-by: Aaron Huslage <aaron@docker.com>
---
 utils/certs.go | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/utils/certs.go b/utils/certs.go
index 84361f7694..715f3a32c7 100644
--- a/utils/certs.go
+++ b/utils/certs.go
@@ -55,7 +55,7 @@ func newCertificate(org string) (*x509.Certificate, error) {
 		NotBefore: notBefore,
 		NotAfter:  notAfter,
 
-		KeyUsage:              x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature,
+		KeyUsage:              x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature | x509.KeyUsageKeyAgreement,
 		BasicConstraintsValid: true,
 	}, nil
 
@@ -72,6 +72,8 @@ func GenerateCACertificate(certFile, keyFile, org string, bits int) error {
 
 	template.IsCA = true
 	template.KeyUsage |= x509.KeyUsageCertSign
+	template.KeyUsage |= x509.KeyUsageKeyEncipherment
+	template.KeyUsage |= x509.KeyUsageKeyAgreement
 
 	priv, err := rsa.GenerateKey(rand.Reader, bits)
 	if err != nil {