Don't add X509v3 extensions

There is something wrong with the combination of extension we add
that causes OpenSSL to believe these certificates were issued by
a CA and fail to validate them because it can't find the issuing
CA cert.

The certificates work fine without the extensions, so just don't
add them (which is what other Moonlight clients do).

libgamestream/mkcert.c

@@ -32,7 +32,6 @@ static const int SERIAL = 0;
 static const int NUM_YEARS = 10;
 
 int mkcert(X509 **x509p, EVP_PKEY **pkeyp, int bits, int serial, int years);
-int add_ext(X509 *cert, int nid, char *value);
 
 CERT_KEY_PAIR mkcert_generate() {
     BIO *bio_err;
@@ -142,11 +141,6 @@ int mkcert(X509 **x509p, EVP_PKEY **pkeyp, int bits, int serial, int years) {
      */
     X509_set_issuer_name(x, name);
 
-    /* Add various extensions: standard extensions */
-    add_ext(x, NID_key_usage, "critical,digitalSignature,keyEncipherment");
-
-    add_ext(x, NID_subject_key_identifier, "hash");
-
     if (!X509_sign(x, pk, EVP_sha256())) {
         goto err;
     }
@@ -158,29 +152,3 @@ int mkcert(X509 **x509p, EVP_PKEY **pkeyp, int bits, int serial, int years) {
 err:
     return(0);
 }
-
-/* Add extension using V3 code: we can set the config file as NULL
- * because we wont reference any other sections.
- */
-
-int add_ext(X509 *cert, int nid, char *value)
-{
-    X509_EXTENSION *ex;
-    X509V3_CTX ctx;
-    /* This sets the 'context' of the extensions. */
-    /* No configuration database */
-    X509V3_set_ctx_nodb(&ctx);
-    /* Issuer and subject certs: both the target since it is self signed,
-     * no request and no CRL
-     */
-    X509V3_set_ctx(&ctx, cert, cert, NULL, NULL, 0);
-    ex = X509V3_EXT_conf_nid(NULL, &ctx, nid, value);
-    if (!ex) {
-        return 0;
-    }
-
-    X509_add_ext(cert, ex, -1);
-    X509_EXTENSION_free(ex);
-    return 1;
-}
-