From 0265b0f4bb53dc0be8b8c556b015da758c950646 Mon Sep 17 00:00:00 2001
From: John Safranek <john@wolfssl.com>
Date: Tue, 26 Jul 2016 13:32:54 -0700
Subject: [PATCH] only check server's cert key encipher on client for RSA key
 exchange

---
 src/internal.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/internal.c b/src/internal.c
index 8ec82794b..c908b5b21 100755
--- a/src/internal.c
+++ b/src/internal.c
@@ -6489,6 +6489,7 @@ static int DoCertificate(WOLFSSL* ssl, byte* input, word32* inOutIdx,
 #ifndef IGNORE_KEY_EXTENSIONS
         if (dCert->extKeyUsageSet) {
             if ((ssl->specs.kea == rsa_kea) &&
+                (ssl->options.side == WOLFSSL_CLIENT_END) &&
                 (dCert->extKeyUsage & KEYUSE_KEY_ENCIPHER) == 0) {
                 ret = KEYUSE_ENCIPHER_E;
             }