Added checking of the key usage and extended key usage extensions in the

certificates.
2014-04-10 16:50:14 -07:00
parent 1f3bc9263d
commit e79ce42ef4
5 changed files with 72 additions and 0 deletions
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -1526,6 +1526,8 @@ int AddCA(CYASSL_CERT_MANAGER* cm, buffer der, int type, int verify)
                                            cert.extSubjKeyId, SHA_DIGEST_SIZE);
            #endif
            XMEMCPY(signer->subjectNameHash, cert.subjectHash, SHA_DIGEST_SIZE);
+            signer->keyUsage = cert.extKeyUsageSet ? cert.extKeyUsage : 0xFFFF;
+                                   /* If Key Usage not set, all uses valid. */
            signer->next = NULL;   /* in case lock fails */

            cert.publicKey = 0;  /* don't free here */