Check keyUsage in SSL client and server

commit: 7f2a07d7b2d5edbe9dfd7803103041ca30bee250 [log] [tgz]
author: Manuel Pégourié-Gonnard <mpg@elzevir.fr> Wed Apr 09 09:50:57 2014 +0200
committer: Paul Bakker <p.j.bakker@polarssl.org> Wed Apr 09 15:50:57 2014 +0200
tree: 94c23620354a90807b90b45246eb3cd3bb22ad1c
parent: 603116c570f55f3d00f705d1862e7f685522162f [diff] [blame]
diff --git a/include/polarssl/ssl.h b/include/polarssl/ssl.h
index c866b6f..82cdb53 100644
--- a/include/polarssl/ssl.h
+++ b/include/polarssl/ssl.h

@@ -1657,6 +1657,19 @@
     return( ssl->handshake->key_cert == NULL ? NULL
             : ssl->handshake->key_cert->cert );
 }
+
+/*
+ * Check usage of a certificate wrt extensions:
+ * keyUsage, extendedKeyUsage (later), and nSCertType (later).
+ *
+ * Warning: cert_endpoint is the endpoint of the cert (ie, of our peer when we
+ * check a cert we received from them)!
+ *
+ * Return 0 if everything is OK, -1 if not.
+ */
+int ssl_check_cert_usage( const x509_crt *cert,
+                          const ssl_ciphersuite_t *ciphersuite,
+                          int cert_endpoint );
 #endif /* POLARSSL_X509_CRT_PARSE_C */
 
 /* constant-time buffer comparison */
commit	7f2a07d7b2d5edbe9dfd7803103041ca30bee250	[log] [tgz]
author	Manuel Pégourié-Gonnard <mpg@elzevir.fr>	Wed Apr 09 09:50:57 2014 +0200
committer	Paul Bakker <p.j.bakker@polarssl.org>	Wed Apr 09 15:50:57 2014 +0200
tree	94c23620354a90807b90b45246eb3cd3bb22ad1c
parent	603116c570f55f3d00f705d1862e7f685522162f [diff] [blame]