Default to validating bundles with x509.ExtKeyUsageAny

As of Go 1.10 Certificate.Verify will check the allowed key usages for
the entire chain: https://golang.org/doc/go1.10#crypto/x509

Author: cbroglie

bundler/bundler.go

@@ -72,17 +72,15 @@ type options struct {
 
 var defaultOptions = options{
 	keyUsages: []x509.ExtKeyUsage{
-		x509.ExtKeyUsageServerAuth,
-		x509.ExtKeyUsageClientAuth,
-		x509.ExtKeyUsageMicrosoftServerGatedCrypto,
-		x509.ExtKeyUsageNetscapeServerGatedCrypto,
+		x509.ExtKeyUsageAny,
 	},
 }
 
 // An Option sets options such as allowed key usages, etc.
 type Option func(*options)
 
-// WithKeyUsages lets you set which Extended Key Usage values are acceptable.
+// WithKeyUsages lets you set which Extended Key Usage values are acceptable. By
+// default x509.ExtKeyUsageAny will be used.
 func WithKeyUsages(usages ...x509.ExtKeyUsage) Option {
 	return func(o *options) {
 		o.keyUsages = usages

bundler/bundler_test.go

@@ -912,11 +912,7 @@ func TestBundlerWithEmptyRootInfo(t *testing.T) {
 }
 
 func TestBundlerClientAuth(t *testing.T) {
-	b, err := NewBundler(
-		"testdata/client-auth/root.pem",
-		"testdata/client-auth/int.pem",
-		WithKeyUsages(x509.ExtKeyUsageClientAuth),
-	)
+	b, err := NewBundler("testdata/client-auth/root.pem", "testdata/client-auth/int.pem")
 	if err != nil {
 		t.Fatal(err)
 	}