safe_renegotiation_t sr;
unsigned int ssl3_record_version:1;
unsigned int server_precedence:1;
+ unsigned int allow_key_usage_violation:1;
unsigned int additional_verify_flags;
};
{
(*priority_cache)->no_padding = 1;
(*priority_cache)->allow_large_records = 1;
+ (*priority_cache)->allow_key_usage_violation = 1;
}
else if (strcasecmp (&broken_list[i][1], "NO_EXTENSIONS") == 0)
{
if (!(key_usage & GNUTLS_KEY_DIGITAL_SIGNATURE))
{
gnutls_assert ();
- return GNUTLS_E_KEY_USAGE_VIOLATION;
+ if (session->internals.priorities.allow_key_usage_violation == 0)
+ return GNUTLS_E_KEY_USAGE_VIOLATION;
+ else
+ _gnutls_audit_log(session, "Key usage violation was detected (ignored).\n");
}
/* External signing. Deprecated. To be removed. */
if (!(key_usage & GNUTLS_KEY_DIGITAL_SIGNATURE))
{
gnutls_assert ();
- return GNUTLS_E_KEY_USAGE_VIOLATION;
+ if (session->internals.priorities.allow_key_usage_violation == 0)
+ return GNUTLS_E_KEY_USAGE_VIOLATION;
+ else
+ _gnutls_audit_log(session, "Key usage violation was detected (ignored).\n");
}
if (pk_algo == GNUTLS_PK_UNKNOWN)