Fix bug that incorrectly refuses oid representation eku's in polar builds

The return value of x509_get_numeric_string() was interpreted incorrectly
by ssl_verify_polarssl.c's x509_verify_cert_eku(). This patch enables the
usage of oid represenation in --remote-cert-eku options.

Signed-off-by: Steffan Karger <steffan.karger@fox-it.com>
Acked-by: David Sommerseth <dazo@users.sourceforge.net>
Message-Id: <1398415277-6880-1-git-send-email-steffan.karger@fox-it.com>
URL: http://article.gmane.org/gmane.network.openvpn.devel/8627
Signed-off-by: Gert Doering <gert@greenie.muc.de>
(cherry picked from commit e238b806f5f3843b80d5b1b2b269679210faa7f6)

diff --git a/src/openvpn/ssl_verify_polarssl.c b/src/openvpn/ssl_verify_polarssl.c
index 3fd861cb6f179cb73f8952acf286cd5821eaadd0..8931f8aa774ef1d94d1caee01e9e9edb835f9344 100644 (file)
--- a/src/openvpn/ssl_verify_polarssl.c
+++ b/src/openvpn/ssl_verify_polarssl.c
@@ -380,7 +380,7 @@ x509_verify_cert_eku (x509_cert *cert, const char * const expected_oid)
                }
            }
 
-         if (0 == x509_oid_get_numeric_string( oid_num_str,
+         if (0 < x509_oid_get_numeric_string( oid_num_str,
              sizeof (oid_num_str), oid))
            {
              msg (D_HANDSHAKE, "++ Certificate has EKU (oid) %s, expects %s",