Removed an incorrect key use check.

cyassl/error-ssl.h

@@ -116,7 +116,6 @@ enum CyaSSL_ErrorCodes {
     UNKNOWN_MAX_FRAG_LEN_E  = -282,        /* Unrecognized max frag len Error */
     /* add strings to SetErrorString !!!!! */
     KEYUSE_SIGNATURE_E      = -283,        /* KeyUse digSignature error */
-    KEYUSE_AGREEMENT_E      = -284,        /* KeyUse keyAgreement error */
     KEYUSE_ENCIPHER_E       = -285,        /* KeyUse keyEncipher error */
     EXTKEYUSE_AUTH_E        = -286,        /* ExtKeyUse server|client_auth */
 

src/internal.c

@@ -3472,13 +3472,6 @@ static int DoCertificate(CYASSL* ssl, byte* input, word32* inOutIdx,
                 fatal = 1;
                 ret = KEYUSE_ENCIPHER_E;
             }
-            if ((ssl->specs.kea == diffie_hellman_kea ||
-                    ssl->specs.kea == ecc_diffie_hellman_kea ||
-                    ssl->specs.kea == ecc_static_diffie_hellman_kea) &&
-                (dCert.extKeyUsage & KEYUSE_KEY_AGREE) == 0) {
-                fatal = 1;
-                ret = KEYUSE_AGREEMENT_E;
-            }
             if ((ssl->specs.sig_algo == rsa_sa_algo ||
                     ssl->specs.sig_algo == ecc_dsa_sa_algo) &&
                 (dCert.extKeyUsage & KEYUSE_DIGITAL_SIG) == 0) {
@@ -6498,10 +6491,6 @@ void SetErrorString(int error, char* str)
         XSTRNCPY(str, "Key Use digitalSignature not set Error", max);
         break;
 
-    case KEYUSE_AGREEMENT_E:
-        XSTRNCPY(str, "Key Use keyAgreement not set Error", max);
-        break;
-
     case KEYUSE_ENCIPHER_E:
         XSTRNCPY(str, "Key Use keyEncipherment not set Error", max);
         break;