return FALSE;
}
+/**
+ * Parse ExtendedKeyUsage
+ */
+static bool parse_extKeyUsage_ext(private_openssl_x509_t *this,
+ X509_EXTENSION *ext)
+{
+ EXTENDED_KEY_USAGE *usage;
+ int i;
+
+ usage = X509V3_EXT_d2i(ext);
+ if (usage)
+ {
+ for (i = 0; i < sk_ASN1_OBJECT_num(usage); i++)
+ {
+ switch (OBJ_obj2nid(sk_ASN1_OBJECT_value(usage, i)))
+ {
+ case NID_server_auth:
+ this->flags |= X509_SERVER_AUTH;
+ break;
+ case NID_client_auth:
+ this->flags |= X509_CLIENT_AUTH;
+ break;
+ case NID_OCSP_sign:
+ this->flags |= X509_OCSP_SIGNER;
+ break;
+ default:
+ break;
+ }
+ }
+ sk_ASN1_OBJECT_pop_free(usage, ASN1_OBJECT_free);
+ return TRUE;
+ }
+ return FALSE;
+}
+
/**
* Parse CRL distribution points
*/
case NID_key_usage:
ok = parse_keyUsage_ext(this, ext);
break;
+ case NID_ext_key_usage:
+ ok = parse_extKeyUsage_ext(this, ext);
+ break;
case NID_crl_distribution_points:
ok = parse_crlDistributionPoints_ext(this, ext);
break;
return TRUE;
}
-/**
- * Parse ExtendedKeyUsage
- */
-static void parse_extKeyUsage(private_openssl_x509_t *this)
-{
- EXTENDED_KEY_USAGE *usage;
- int i;
-
- usage = X509_get_ext_d2i(this->x509, NID_ext_key_usage, NULL, NULL);
- if (usage)
- {
- for (i = 0; i < sk_ASN1_OBJECT_num(usage); i++)
- {
- switch (OBJ_obj2nid(sk_ASN1_OBJECT_value(usage, i)))
- {
- case NID_server_auth:
- this->flags |= X509_SERVER_AUTH;
- break;
- case NID_client_auth:
- this->flags |= X509_CLIENT_AUTH;
- break;
- case NID_OCSP_sign:
- this->flags |= X509_OCSP_SIGNER;
- break;
- default:
- break;
- }
- }
- sk_ASN1_OBJECT_pop_free(usage, ASN1_OBJECT_free);
- }
-}
-
/**
* Parse a DER encoded x509 certificate
*/
{
return FALSE;
}
- parse_extKeyUsage(this);
hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1);
if (!hasher || !hasher->allocate_hash(hasher, this->encoding, &this->hash))
projects / thirdparty / strongswan.git / commitdiff
