Merge verification of the keyUsage extension in X.509 certificates

2014-04-09 15:53:24 +02:00 · 2014-04-09 15:53:24 +02:00 · 043a2e26d0
commit 043a2e26d0
parent 2abed84225 02ff5ce594
20 changed files with 592 additions and 54 deletions
--- a/include/polarssl/ssl.h
+++ b/include/polarssl/ssl.h
@ -1657,6 +1657,19 @@ static inline x509_crt *ssl_own_cert( ssl_context *ssl )
    return( ssl->handshake->key_cert == NULL ? NULL
            : ssl->handshake->key_cert->cert );
 }
+
+/*
+ * Check usage of a certificate wrt extensions:
+ * keyUsage, extendedKeyUsage (later), and nSCertType (later).
+ *
+ * Warning: cert_endpoint is the endpoint of the cert (ie, of our peer when we
+ * check a cert we received from them)!
+ *
+ * Return 0 if everything is OK, -1 if not.
+ */
+int ssl_check_cert_usage( const x509_crt *cert,
+                          const ssl_ciphersuite_t *ciphersuite,
+                          int cert_endpoint );
 #endif /* POLARSSL_X509_CRT_PARSE_C */

 /* constant-time buffer comparison */