Revert "limit what key usages are allowed"

This reverts commit 65142ff168.

command_verify.go

@@ -156,8 +156,5 @@ func verifyOpts() x509.VerifyOptions {
 		}
 	}
 
-	return x509.VerifyOptions{
-		Roots:     roots,
-		KeyUsages: allowedKeyUsages,
-	}
+	return x509.VerifyOptions{Roots: roots}
 }

main.go

@@ -1,7 +1,6 @@
 package main
 
 import (
-	"crypto/x509"
 	"fmt"
 	"os"
 
@@ -26,12 +25,6 @@ var (
 	fileArgs       []string
 
 	idents []certstore.Identity
-
-	// identity certificates must have one of these extended key usages.
-	allowedKeyUsages = []x509.ExtKeyUsage{
-		x509.ExtKeyUsageCodeSigning,
-		x509.ExtKeyUsageEmailProtection,
-	}
 )
 
 func main() {
@@ -67,9 +60,6 @@ func main() {
 	for _, ident := range idents {
 		defer ident.Close()
 	}
-	if idents, err = filterIdentities(idents); err != nil {
-		faile(err, "failed to filter identities")
-	}
 
 	if *signFlag {
 		if *helpFlag || *verifyFlag || *listKeysFlag {
@@ -115,32 +105,6 @@ func main() {
 	fail("specify --help, --sign, --verify, or --list-keys")
 }
 
-func filterIdentities(in []certstore.Identity) ([]certstore.Identity, error) {
-	var (
-		out  []certstore.Identity
-		cert *x509.Certificate
-		err  error
-	)
-
-IdentityIteration:
-	for _, ident := range in {
-		if cert, err = ident.Certificate(); err != nil {
-			return nil, err
-		}
-
-		for _, kuCert := range cert.ExtKeyUsage {
-			for _, kuAllowed := range allowedKeyUsages {
-				if kuCert == kuAllowed {
-					out = append(out, ident)
-					continue IdentityIteration
-				}
-			}
-		}
-	}
-
-	return out, nil
-}
-
 type statusCode int
 
 func handleExit() {