From 991e3574dd9d11dac61b302377b29d24a46b89b1 Mon Sep 17 00:00:00 2001
From: Steffan Karger <steffan.karger@fox-it.com>
Date: Fri, 25 Apr 2014 10:41:17 +0200
Subject: [PATCH] Fix bug that incorrectly refuses oid representation eku's in
 polar builds

The return value of x509_get_numeric_string() was interpreted incorrectly
by ssl_verify_polarssl.c's x509_verify_cert_eku(). This patch enables the
usage of oid represenation in --remote-cert-eku options.

Signed-off-by: Steffan Karger <steffan.karger@fox-it.com>
Acked-by: David Sommerseth <dazo@users.sourceforge.net>
Message-Id: <1398415277-6880-1-git-send-email-steffan.karger@fox-it.com>
URL: http://article.gmane.org/gmane.network.openvpn.devel/8627
Signed-off-by: Gert Doering <gert@greenie.muc.de>
(cherry picked from commit e238b806f5f3843b80d5b1b2b269679210faa7f6)
---
 src/openvpn/ssl_verify_polarssl.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/openvpn/ssl_verify_polarssl.c b/src/openvpn/ssl_verify_polarssl.c
index 3fd861cb6..8931f8aa7 100644
--- a/src/openvpn/ssl_verify_polarssl.c
+++ b/src/openvpn/ssl_verify_polarssl.c
@@ -380,7 +380,7 @@ x509_verify_cert_eku (x509_cert *cert, const char * const expected_oid)
 		}
 	    }
 
-	  if (0 == x509_oid_get_numeric_string( oid_num_str,
+	  if (0 < x509_oid_get_numeric_string( oid_num_str,
 	      sizeof (oid_num_str), oid))
 	    {
 	      msg (D_HANDSHAKE, "++ Certificate has EKU (oid) %s, expects %s",
-- 
2.47.2