From 6f44969e232aef581767cfc6e728bf5771debec8 Mon Sep 17 00:00:00 2001
From: Takashi Kojo
Date: Thu, 31 Aug 2017 06:28:09 +0900
Subject: [PATCH] Signature check compatibility
---
 src/internal.c | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)
diff --git a/src/internal.c b/src/internal.c
index 1cb65c49d..a07730c60 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -8645,6 +8645,16 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
 #endif /* KEEP_PEER_CERT */
 #ifndef IGNORE_KEY_EXTENSIONS
+ #if defined(OPENSSL_EXTRA)
+ /* when compatibility layer is turned on and no verify is
+ * set then ignore the certificate key extension */
+ if (args->dCert->extKeyUsageSet &&
+ args->dCert->extKeyUsageCrit == 0 &&
+ ssl->options.verifyNone) {
+ WOLFSSL_MSG("Not verifying certificate key usage");
+ }
+ else
+ #endif
 if (args->dCert->extKeyUsageSet) {
 if ((ssl->specs.kea == rsa_kea) &&
 (ssl->options.side == WOLFSSL_CLIENT_END) &&
@@ -8660,6 +8670,16 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
 }
 }
+ #if defined(OPENSSL_EXTRA)
+ /* when compatibility layer is turned on and no verify is
+ * set then ignore the certificate key extension */
+ if (args->dCert->extExtKeyUsageSet &&
+ args->dCert->extExtKeyUsageCrit == 0 &&
+ ssl->options.verifyNone) {
+ WOLFSSL_MSG("Not verifying certificate ext key usage");
+ }
+ else
+ #endif
 if (args->dCert->extExtKeyUsageSet) {
 if (ssl->options.side == WOLFSSL_CLIENT_END) {
 if ((args->dCert->extExtKeyUsage &
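Review bot: The comment on both added guards says the key extension is ignored whenever verification is off, but the condition also requires `extKeyUsageCrit == 0` (and `extExtKeyUsageCrit == 0` in the second hunk), so a critical extension is still enforced; the second comment is also a verbatim copy of the first although it guards extended key usage. I would word the first as `/* OPENSSL_EXTRA with verifyNone: skip the keyUsage check only when the extension is non-critical; a critical keyUsage is still enforced below */` and the second the same way for extKeyUsage. The only trace of the skipped check is `WOLFSSL_MSG`, which is presumably a debug-build log, so the comment should also say that the relaxation is otherwise silent and depends on a build-time option rather than a per-connection setting. Both hunks leave a bare `else` ahead of `#endif` that binds to the following `if`; a short `/* else binds to the if below */` comment there would stop a later edit from inserting a statement between them. ProcessPeerCerts starts and ends outside both hunks.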