From 356b30e954745621666927e772a8822498b3c9a0 Mon Sep 17 00:00:00 2001
From: Patrick Zheng <patrickzheng@microsoft.com>
Date: Thu, 18 Apr 2024 09:02:25 +0800
Subject: [PATCH] fix: leaf certificate validation (#202)

Signed-off-by: Patrick Zheng <patrickzheng@microsoft.com>
---
 x509/cert_validations.go      | 3 ---
 x509/cert_validations_test.go | 2 +-
 2 files changed, 1 insertion(+), 4 deletions(-)

diff --git a/x509/cert_validations.go b/x509/cert_validations.go
index 7946ef16..8dd7d0ed 100644
--- a/x509/cert_validations.go
+++ b/x509/cert_validations.go
@@ -186,9 +186,6 @@ func validateLeafKeyUsage(cert *x509.Certificate) error {
 	}
 
 	var invalidKeyUsages []string
-	if cert.KeyUsage&x509.KeyUsageContentCommitment != 0 {
-		invalidKeyUsages = append(invalidKeyUsages, `"ContentCommitment"`)
-	}
 	if cert.KeyUsage&x509.KeyUsageKeyEncipherment != 0 {
 		invalidKeyUsages = append(invalidKeyUsages, `"KeyEncipherment"`)
 	}
diff --git a/x509/cert_validations_test.go b/x509/cert_validations_test.go
index b781dcb8..a11289f7 100644
--- a/x509/cert_validations_test.go
+++ b/x509/cert_validations_test.go
@@ -759,7 +759,7 @@ func TestValidateLeafKeyUsage(t *testing.T) {
 				KeyUsage:   x509.KeyUsageDigitalSignature | x509.KeyUsageContentCommitment,
 				Extensions: extensions,
 			},
-			expectedErrMsg: "The certificate with subject \"CN=Test CN\" is invalid. The key usage must be \"Digital Signature\" only, but found \"ContentCommitment\"",
+			expectedErrMsg: "",
 		},
 		{
 			name: "Missing DigitalSignature usage",