Merge pull request #501 from ejohnstown/key-usage

only check server's cert key encipher on client for RSA key exchange
2016-07-26 15:45:38 -07:00 · 2016-07-26 15:45:38 -07:00 · c834216cca
commit c834216cca
parent 993838153e 0265b0f4bb
1 changed files with 1 additions and 0 deletions
--- a/src/internal.c
+++ b/src/internal.c
@ -6489,6 +6489,7 @@ static int DoCertificate(WOLFSSL* ssl, byte* input, word32* inOutIdx,
 #ifndef IGNORE_KEY_EXTENSIONS
        if (dCert->extKeyUsageSet) {
            if ((ssl->specs.kea == rsa_kea) &&
+                (ssl->options.side == WOLFSSL_CLIENT_END) &&
                (dCert->extKeyUsage & KEYUSE_KEY_ENCIPHER) == 0) {
                ret = KEYUSE_ENCIPHER_E;
            }