One frustration I have with the current x509 package is that I can't create
certificates for use in client authentication that are accepted by the
server in the tls package. I have to drop over to openssl or some other
tool/language to create my certs.
Is there some reason CreateCertificate does not consider the ExtKeyUsage
field from the template?
I'd love to see this added. I have a patchset ready for contribution
assuming this does not conflict with some design decision I'm unaware of.