[crypto] Parse OCSPSigning key purpose, if present
authorMichael Brown <mcb30@ipxe.org>
Mon, 14 May 2012 13:09:52 +0000 (14:09 +0100)
committerMichael Brown <mcb30@ipxe.org>
Mon, 14 May 2012 17:09:40 +0000 (18:09 +0100)
Signed-off-by: Michael Brown <mcb30@ipxe.org>
src/crypto/x509.c
src/include/ipxe/asn1.h
src/include/ipxe/x509.h

index dc8745dce7e807e4b7af4cbfdaa33d5f83d68d55..a8660934007964fad7548ee7fc2cac58a397b35e 100644 (file)
@@ -518,6 +518,9 @@ static int x509_parse_key_usage ( struct x509_certificate *cert,
 /** "id-kp-codeSigning" object identifier */
 static uint8_t oid_code_signing[] = { ASN1_OID_CODESIGNING };
 
+/** "id-kp-OCSPSigning" object identifier */
+static uint8_t oid_ocsp_signing[] = { ASN1_OID_OCSPSIGNING };
+
 /** Supported key purposes */
 static struct x509_key_purpose x509_key_purposes[] = {
        {
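Review bot: `oid_ocsp_signing` is declared as a writable `static uint8_t` array although it holds a fixed OID that is presumably only read when matching extensions. Declaring it `static const uint8_t oid_ocsp_signing[] = { ASN1_OID_OCSPSIGNING };` would let the linker place it in read-only data. The neighbouring `oid_code_signing` has the same form, so both would ideally change together. This assumes the `data` member of `struct asn1_cursor` is const-qualified, which is not visible in these hunks.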
@@ -525,6 +528,11 @@ static struct x509_key_purpose x509_key_purposes[] = {
                .bits = X509_CODE_SIGNING,
                .oid = ASN1_OID_CURSOR ( oid_code_signing ),
        },
+       {
+               .name = "ocspSigning",
+               .bits = X509_OCSP_SIGNING,
+               .oid = ASN1_OID_CURSOR ( oid_ocsp_signing ),
+       },
 };
 
 /**
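Review bot: The new `ocspSigning` entry records `X509_OCSP_SIGNING`, but nothing in the visible hunks checks the bit, so its security value depends on a consumer outside this commit. RFC 2560 section 4.2.2.2 (carried into RFC 6960) requires a delegated OCSP responder certificate to carry id-kp-OCSPSigning. Whatever validates the OCSP response signer should therefore refuse a non-issuer certificate that lacks this bit, including when the extendedKeyUsage extension is absent altogether. A comment on the entry would make that contract explicit, e.g. `/* Parsed only: OCSP response validation must require this bit for delegated responders */`. The `x509_key_purposes` table begins before this hunk.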
index 222e32ecee1a012df1a6b5ee3fbaff33420ea166..cd5c3306d2808fa8a9c8f726519d8740db97c89a 100644 (file)
@@ -176,6 +176,13 @@ struct asn1_cursor {
        ASN1_OID_SINGLE ( 5 ), ASN1_OID_SINGLE ( 7 ),           \
        ASN1_OID_SINGLE ( 48 ), ASN1_OID_SINGLE ( 1 )
 
+/** ASN.1 OID for id-kp-OCSPSigning (1.3.6.1.5.5.7.3.9) */
+#define ASN1_OID_OCSPSIGNING                                   \
+       ASN1_OID_INITIAL ( 1, 3 ), ASN1_OID_SINGLE ( 6 ),       \
+       ASN1_OID_SINGLE ( 1 ), ASN1_OID_SINGLE ( 5 ),           \
+       ASN1_OID_SINGLE ( 5 ), ASN1_OID_SINGLE ( 7 ),           \
+       ASN1_OID_SINGLE ( 3 ), ASN1_OID_SINGLE ( 9 )
+
 /** Define an ASN.1 cursor containing an OID */
 #define ASN1_OID_CURSOR( oid_value ) {                         \
                .data = oid_value,                              \
index 8b1dda25f4a81e5c07cf04d4069f83c33bda3fc5..6dc31b45e9ab333e4cd2d042a7a326e3292573a3 100644 (file)
@@ -119,6 +119,7 @@ struct x509_extended_key_usage {
  */
 enum x509_extended_key_usage_bits {
        X509_CODE_SIGNING = 0x0001,
+       X509_OCSP_SIGNING = 0x0002,
 };
 
 /** X.509 certificate OCSP responder */
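Review bot: The members of `enum x509_extended_key_usage_bits` have no per-value documentation, and the new `X509_OCSP_SIGNING = 0x0002` relies on the reader knowing these are single-bit flags. I would add `/** id-kp-OCSPSigning: certificate may sign OCSP responses */` above the new member. The enum's header comment should also say that every value must be a distinct power of two, since the values appear to be combined into one field (`.bits` in `x509_key_purposes`). That header comment starts above this hunk.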