pk = _gnutls_map_pk_get_pk(kx);
if (pk == cert_pk) {
/* then check key usage */
- if (_gnutls_check_key_usage(cert, kx) == 0) {
+ if (_gnutls_check_key_usage(cert, kx) == 0 ||
+ unlikely(session->internals.priorities.allow_server_key_usage_violation != 0)) {
alg[i] = kx;
i++;
bool min_record_version;
bool server_precedence;
bool allow_key_usage_violation;
+ bool allow_server_key_usage_violation; /* for test suite purposes only */
bool allow_wrong_pms;
bool no_tickets;
bool no_etm;
{
ENABLE_COMPAT(c);
}
+static void enable_server_key_usage_violations(gnutls_priority_t c)
+{
+ c->allow_server_key_usage_violation = 1;
+}
static void enable_dumbfw(gnutls_priority_t c)
{
c->dumbfw = 1;
PROFILE_SUITEB128, enable_profile_suiteb128
PROFILE_SUITEB192, enable_profile_suiteb192
NEW_PADDING, dummy_func
+DEBUG_ALLOW_KEY_USAGE_VIOLATIONS, enable_server_key_usage_violations