Check keyUsage in SSL client and server

2014-04-09 09:50:57 +02:00 · 2014-04-09 09:50:57 +02:00 · 7f2a07d7b2
commit 7f2a07d7b2
parent 603116c570
11 changed files with 347 additions and 4 deletions
--- a/include/polarssl/ssl.h
+++ b/include/polarssl/ssl.h
@ -1657,6 +1657,19 @@ static inline x509_crt *ssl_own_cert( ssl_context *ssl )
    return( ssl->handshake->key_cert == NULL ? NULL
            : ssl->handshake->key_cert->cert );
 }
+
+/*
+ * Check usage of a certificate wrt extensions:
+ * keyUsage, extendedKeyUsage (later), and nSCertType (later).
+ *
+ * Warning: cert_endpoint is the endpoint of the cert (ie, of our peer when we
+ * check a cert we received from them)!
+ *
+ * Return 0 if everything is OK, -1 if not.
+ */
+int ssl_check_cert_usage( const x509_crt *cert,
+                          const ssl_ciphersuite_t *ciphersuite,
+                          int cert_endpoint );
 #endif /* POLARSSL_X509_CRT_PARSE_C */

 /* constant-time buffer comparison */