else
usage |= GNUTLS_KEY_DIGITAL_SIGNATURE;
+ if (get_ipsec_ike_status && (get_sign_status (get_tls_server_status()) !=1))
+ usage |= GNUTLS_KEY_NON_REPUDIATION;
+
if (ca_status)
{
ret = get_cert_sign_status ();
if (ret < 0)
error (EXIT_FAILURE, 0, "key_kp: %s", gnutls_strerror (ret));
}
-
- ret = get_ipsec_ike_status ();
- if (ret)
- {
- ret = gnutls_x509_crq_set_key_purpose_oid
- (crq, GNUTLS_KP_IPSEC_IKE, 0);
- if (ret < 0)
- error (EXIT_FAILURE, 0, "key_kp: %s", gnutls_strerror (ret));
- }
}
ret = gnutls_x509_crq_set_key_usage (crq, usage);
if (ret < 0)
error (EXIT_FAILURE, 0, "key_kp: %s", gnutls_strerror (ret));
}
+
+ ret = get_ipsec_ike_status ();
+ if (ret)
+ {
+ ret = gnutls_x509_crq_set_key_purpose_oid
+ (crq, GNUTLS_KP_IPSEC_IKE, 0);
+ if (ret < 0)
+ error (EXIT_FAILURE, 0, "key_kp: %s", gnutls_strerror (ret));
+ }
}
ret = gnutls_x509_crq_set_key (crq, key);