allow key use extension errors to be overriden with verify callback

John Safranek 2014-04-14 10:29:29 -07:00
parent 421c08fc61
commit ede2aa9c91


@ -3490,14 +3490,12 @@ static int DoCertificate(CYASSL* ssl, byte* input, word32* inOutIdx,
if (dCert.extKeyUsageSet) { if (dCert.extKeyUsageSet) {
if ((ssl->specs.kea == rsa_kea) && if ((ssl->specs.kea == rsa_kea) &&
(dCert.extKeyUsage & KEYUSE_KEY_ENCIPHER) == 0) { (dCert.extKeyUsage & KEYUSE_KEY_ENCIPHER) == 0) {
fatal = 1;
ret = KEYUSE_ENCIPHER_E; ret = KEYUSE_ENCIPHER_E;
} }
if ((ssl->specs.sig_algo == rsa_sa_algo || if ((ssl->specs.sig_algo == rsa_sa_algo ||
ssl->specs.sig_algo == ecc_dsa_sa_algo) && ssl->specs.sig_algo == ecc_dsa_sa_algo) &&
(dCert.extKeyUsage & KEYUSE_DIGITAL_SIG) == 0) { (dCert.extKeyUsage & KEYUSE_DIGITAL_SIG) == 0) {
CYASSL_MSG("KeyUse Digital Sig not set"); CYASSL_MSG("KeyUse Digital Sig not set");
fatal = 1;
ret = KEYUSE_SIGNATURE_E; ret = KEYUSE_SIGNATURE_E;
} }
} }
@ -3507,7 +3505,6 @@ static int DoCertificate(CYASSL* ssl, byte* input, word32* inOutIdx,
if ((dCert.extExtKeyUsage & if ((dCert.extExtKeyUsage &
(EXTKEYUSE_ANY | EXTKEYUSE_SERVER_AUTH)) == 0) { (EXTKEYUSE_ANY | EXTKEYUSE_SERVER_AUTH)) == 0) {
CYASSL_MSG("ExtKeyUse Server Auth not set"); CYASSL_MSG("ExtKeyUse Server Auth not set");
fatal = 1;
ret = EXTKEYUSE_AUTH_E; ret = EXTKEYUSE_AUTH_E;
} }
} }
@ -3515,7 +3512,6 @@ static int DoCertificate(CYASSL* ssl, byte* input, word32* inOutIdx,
if ((dCert.extExtKeyUsage & if ((dCert.extExtKeyUsage &
(EXTKEYUSE_ANY | EXTKEYUSE_CLIENT_AUTH)) == 0) { (EXTKEYUSE_ANY | EXTKEYUSE_CLIENT_AUTH)) == 0) {
CYASSL_MSG("ExtKeyUse Client Auth not set"); CYASSL_MSG("ExtKeyUse Client Auth not set");
fatal = 1;
ret = EXTKEYUSE_AUTH_E; ret = EXTKEYUSE_AUTH_E;
} }
} }
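Review bot: With `fatal = 1;` removed from all four key-usage branches, rejection of a certificate that lacks the required KeyUsage or ExtKeyUsage bits now depends entirely on how the nonzero `ret` is handled later in DoCertificate, which lies outside these hunks. Please confirm that the path with no verify callback registered still fails the handshake on `KEYUSE_ENCIPHER_E`, `KEYUSE_SIGNATURE_E` and `EXTKEYUSE_AUTH_E`, and record the intent at the first branch with a comment such as `/* not fatal: a registered verify callback may override this error */`. Each branch also assigns `ret` unconditionally, so a later failure replaces an earlier one and the callback sees only the last code; if `ret` can already be nonzero at this point, guarding the assignments with `if (ret == 0)` would preserve the first error. The key-encipherment branch is the only one without a log line; adding `CYASSL_MSG("KeyUse Key Encipher not set");` would match the other three.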