priorities: Added internal option to allow key usage violations in server side
authorNikos Mavrogiannopoulos <nmav@redhat.com>
Fri, 14 Aug 2015 10:14:08 +0000 (12:14 +0200)
committerNikos Mavrogiannopoulos <nmav@redhat.com>
Fri, 14 Aug 2015 10:14:08 +0000 (12:14 +0200)
lib/gnutls_cert.c
lib/gnutls_int.h
lib/gnutls_priority.c
lib/priority_options.gperf

index c80bb071f8779c80afe665b5fba75ba3d30f9b0a..54ec023a9e952f5274a1e367b9090a891e7765fb 100644 (file)
@@ -267,7 +267,8 @@ _gnutls_selected_cert_supported_kx(gnutls_session_t session,
                pk = _gnutls_map_pk_get_pk(kx);
                if (pk == cert_pk) {
                        /* then check key usage */
-                       if (_gnutls_check_key_usage(cert, kx) == 0) {
+                       if (_gnutls_check_key_usage(cert, kx) == 0 ||
+                           unlikely(session->internals.priorities.allow_server_key_usage_violation != 0)) {
                                alg[i] = kx;
                                i++;
 
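Review bot: When `allow_server_key_usage_violation` is set, the added `||` operand accepts `kx` even though `_gnutls_check_key_usage(cert, kx)` reported a mismatch, and nothing at this site records that the check was overridden. A handshake run with the option on is therefore indistinguishable in the logs from one where the certificate really permitted the key exchange. I would split the condition so the override path emits a debug or audit message, and put a comment on the branch such as `/* test suite only: offer kx even if the certificate's key usage forbids it */`. The body of `_gnutls_selected_cert_supported_kx` starts and ends outside this hunk, so whether a later step re-checks key usage cannot be seen from here.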
index 3f327943e06b3d86088ba13ffcf093ec915d39e2..848acfec866b55e48072489d21b571e458406f4a 100644 (file)
@@ -663,6 +663,7 @@ struct gnutls_priority_st {
        bool min_record_version;
        bool server_precedence;
        bool allow_key_usage_violation;
+       bool allow_server_key_usage_violation; /* for test suite purposes only */
        bool allow_wrong_pms;
        bool no_tickets;
        bool no_etm;
index 69cf4d7b6eb00b3976a734df4455392537a9a066..652da6722eab523cfc1a815cb1882e2768c5d227 100644 (file)
@@ -712,6 +712,10 @@ static void enable_compat(gnutls_priority_t c)
 {
        ENABLE_COMPAT(c);
 }
+static void enable_server_key_usage_violations(gnutls_priority_t c)
+{
+       c->allow_server_key_usage_violation = 1;
+}
 static void enable_dumbfw(gnutls_priority_t c)
 {
        c->dumbfw = 1;
index b8d1cb5e22cb5d124b585a36e5f79279b2929f55..56c79988fd0ab17e1e20a26a211c68c6857bc8b3 100644 (file)
@@ -34,3 +34,4 @@ PROFILE_ULTRA, enable_profile_ultra
 PROFILE_SUITEB128, enable_profile_suiteb128
 PROFILE_SUITEB192, enable_profile_suiteb192
 NEW_PADDING, dummy_func
+DEBUG_ALLOW_KEY_USAGE_VIOLATIONS, enable_server_key_usage_violations
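Review bot: `DEBUG_ALLOW_KEY_USAGE_VIOLATIONS` is registered in the same table as the ordinary priority keywords, so as far as this diff shows, any priority string an application or configuration file supplies can switch off the server-side key usage check. The only statement that this is test-only is the field comment in `struct gnutls_priority_st`; nothing visible here enforces it. If it is meant only for the test suite, consider compiling the keyword in behind a build-time switch. The handler `enable_server_key_usage_violations` in lib/gnutls_priority.c should at least carry a comment such as `/* test suite only: disables the server-side certificate key usage check; never enable in production */`. The keyword also drops the `SERVER` that the field and handler names carry, which makes it easy to confuse with the existing `allow_key_usage_violation` setting.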