From 2470811b7c4e6707e790499d3c5f120a9ed3d033 Mon Sep 17 00:00:00 2001
From: mmerrill3
Date: Mon, 16 Mar 2020 14:03:02 -0400
Subject: [PATCH] Adding client usage extension for server cert (#305)
Signed-off-by: mmerrill3
---
 pkg/etcd/pki.go | 2 +-
 pkg/tlsconfig/options.go | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/pkg/etcd/pki.go b/pkg/etcd/pki.go
index dd953763..c3ea2f6c 100644
--- a/pkg/etcd/pki.go
+++ b/pkg/etcd/pki.go
@@ -63,7 +63,7 @@ func (p *etcdProcess) createKeypairs(peersCA *pki.Keypair, clientsCA *pki.Keypai
 certConfig := certutil.Config{
 CommonName: me.Name,
- Usages: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
+ Usages: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth},
 }
 if err := addAltNames(&certConfig, me.ClientUrls); err != nil {
diff --git a/pkg/tlsconfig/options.go b/pkg/tlsconfig/options.go
index 2598787e..4d73f593 100644
--- a/pkg/tlsconfig/options.go
+++ b/pkg/tlsconfig/options.go
@@ -48,7 +48,7 @@ func GRPCServerConfig(keypairs *pki.Keypairs, myPeerID string) (*tls.Config, err
 config := certutil.Config{
 CommonName: "etcd-manager-server-" + myPeerID,
- Usages: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
+ Usages: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth},
 }
 keypair, err := keypairs.EnsureKeypair("etcd-manager-server-"+myPeerID, config, ca)
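Review bot: The widened `Usages` list in createKeypairs has no comment saying why a server certificate must also carry `x509.ExtKeyUsageClientAuth`, and the identical change in GRPCServerConfig (pkg/tlsconfig/options.go) has the same gap. With both usages set, any verifier that trusts the issuing CA for client authentication will accept this keypair as a client identity under its CommonName (`me.Name`, or `"etcd-manager-server-" + myPeerID`). The reason for the dual use should therefore sit next to the field, for example `// ClientAuth: this certificate is also presented as a client cert when <reason - placeholder>; see #305`. Which CA signs the certificate in createKeypairs is not visible in the hunk, so it is worth confirming that CommonName-based authorization on the relying side does not grant these names more than the server role needs. Both functions start and end outside the hunks shown.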