feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

Merge pull request #501 from ejohnstown/key-usage

Browse Source 
only check server's cert key encipher on client for RSA key exchange
This commit is contained in:
toddouska
2016-07-26 15:45:38 -07:00
committed by GitHub
parent 993838153e 0265b0f4bb
commit c834216cca
1 changed files with 1 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
src/internal.c
View File

@@ -6489,6 +6489,7 @@ static int DoCertificate(WOLFSSL* ssl, byte* input, word32* inOutIdx,
#ifndef IGNORE_KEY_EXTENSIONS #ifndef IGNORE_KEY_EXTENSIONS
if (dCert->extKeyUsageSet) { if (dCert->extKeyUsageSet) {
if ((ssl->specs.kea == rsa_kea) && if ((ssl->specs.kea == rsa_kea) &&
(ssl->options.side == WOLFSSL_CLIENT_END) &&
(dCert->extKeyUsage & KEYUSE_KEY_ENCIPHER) == 0) { (dCert->extKeyUsage & KEYUSE_KEY_ENCIPHER) == 0) {
ret = KEYUSE_ENCIPHER_E; ret = KEYUSE_ENCIPHER_E;
} }