From e770c8a2d5ae827e6c0e0f511134ba21e1c121e0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Javier=20Jaramago=20Fern=C3=A1ndez?=
 <jaramago.fernandez.javier@gmail.com>
Date: Fri, 23 Apr 2021 08:46:39 +0200
Subject: [PATCH] Closes #3412: Self generated certificates now exhibit the
 same 'X509v3 Basic Constraints' as MySQL self generated ones

---
 src/main.cpp | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/main.cpp b/src/main.cpp
index efe8cc5f5..3df0e90b7 100644
--- a/src/main.cpp
+++ b/src/main.cpp
@@ -368,9 +368,11 @@ X509 * generate_x509(EVP_PKEY *pkey, const unsigned char *cn, uint32_t serial, i
 	X509_NAME_add_entry_by_txt(name, "CN", MBSTRING_ASC, cn, -1, -1, 0);
 
 	if (ca_x509) {
+		X509_EXTENSION* extension = X509V3_EXT_conf_nid(NULL, NULL, NID_basic_constraints, "critical, CA:FALSE");
+		X509_add_ext(x, extension, -1);
 		rc = X509_set_issuer_name(x, X509_get_subject_name(ca_x509));
 	} else {
-		X509_EXTENSION* extension = X509V3_EXT_conf_nid(NULL, NULL, NID_basic_constraints, "critical, CA:FALSE");
+		X509_EXTENSION* extension = X509V3_EXT_conf_nid(NULL, NULL, NID_basic_constraints, "critical, CA:TRUE");
 		X509_add_ext(x, extension, -1);
 		rc = X509_set_issuer_name(x, name);
 	}