author | Martin Willi <martin@revosec.ch> | 2010-08-10 18:44:17 +0200 |
---|---|---|
committer | Martin Willi <martin@revosec.ch> | 2010-08-10 18:46:31 +0200 |
commit | 07d2b39123dad0b25ad722651f9583ee1be195dd (patch) | |
tree | 6627d13c9f7d7319b7f23ecc05b74b318c385159 /src | |
parent | a0a8aaaf4ffa9a74a7978e902fb9bea270efb8b2 (diff) | |
Parse important extendedKeyUsage flags in openssl plugin
Diffstat (limited to 'src')
-rw-r--r-- | src/libstrongswan/plugins/openssl/openssl_x509.c | 33 |
1 files changed, 33 insertions, 0 deletions
diff --git a/src/libstrongswan/plugins/openssl/openssl_x509.c b/src/libstrongswan/plugins/openssl/openssl_x509.c
index 4659e1e88..4cc935625 100644
--- a/src/libstrongswan/plugins/openssl/openssl_x509.c
+++ b/src/libstrongswan/plugins/openssl/openssl_x509.c
@@ -765,6 +765,38 @@ static bool parse_extensions(private_openssl_x509_t *this)
 }
 
 /**
+ * Parse ExtendedKeyUsage
+ */
+static void parse_extKeyUsage(private_openssl_x509_t *this)
+{
+ EXTENDED_KEY_USAGE *usage;
+ int i;
+
+ usage = X509_get_ext_d2i(this->x509, NID_ext_key_usage, NULL, NULL);
+ if (usage)
+ {
+ for (i = 0; i < sk_ASN1_OBJECT_num(usage); i++)
+ {
+ switch (OBJ_obj2nid(sk_ASN1_OBJECT_value(usage, i)))
+ {
+ case NID_server_auth:
+ this->flags |= X509_SERVER_AUTH;
+ break;
+ case NID_client_auth:
+ this->flags |= X509_CLIENT_AUTH;
+ break;
+ case NID_OCSP_sign:
+ this->flags |= X509_OCSP_SIGNER;
+ break;
+ default:
+ break;
+ }
+ }
+ sk_ASN1_OBJECT_pop_free(usage, ASN1_OBJECT_free);
+ }
+}
+
+/**
  * Parse a DER encoded x509 certificate
  */
 static bool parse_certificate(private_openssl_x509_t *this)
@@ -823,6 +855,7 @@ static bool parse_certificate(private_openssl_x509_t *this)
 {
 return TRUE;
 }
+ parse_extKeyUsage(this);
 
 hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1);
 if (!hasher) |
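Review bot: parse_extKeyUsage() cannot tell a missing extendedKeyUsage extension from one that is duplicated or fails to decode, because X509_get_ext_d2i() is called with a NULL crit argument and returns NULL in all three cases; the function is void, so parse_certificate() carries on either way. If any consumer of this->flags reads "no EKU flags" as "unrestricted" (not visible in this diff), a malformed extension would widen what the certificate is accepted for rather than narrow it. I would pass `&crit`, treat only `crit == -1` as "absent", make the function return bool, and have the call in the second hunk read `if (!parse_extKeyUsage(this)) return FALSE;`. Purposes that fall into `default:` are dropped silently even when the extension is critical, which deserves at least a comment stating that this is intended.

```c
static bool parse_extKeyUsage(private_openssl_x509_t *this)
{
	EXTENDED_KEY_USAGE *usage;
	int i, crit = -1;

	usage = X509_get_ext_d2i(this->x509, NID_ext_key_usage, &crit, NULL);
	if (!usage)
	{
		/* crit == -1: no EKU extension; otherwise duplicated or undecodable */
		return crit == -1;
	}
	/* … unchanged: purpose loop and sk_ASN1_OBJECT_pop_free() … */
	return TRUE;
}
```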