Add compile flag to disable Cert Sign key usage flag check.

John Safranek
2014-03-28 11:21:07 -07:00
parent 4b22986e74
commit b5a27b0f41


@@ -1497,13 +1497,15 @@ int AddCA(CYASSL_CERT_MANAGER* cm, buffer der, int type, int verify)
CYASSL_MSG(" Can't add as CA if not actually one");
ret = NOT_CA_ERROR;
}
else if (ret == 0 && cert.isCA == 1 && type != CYASSL_USER_CA &&
#ifndef ALLOW_INVALID_CERTSIGN
else if (ret == 0 && cert.isCA == 1 && type != CYASSL_USER_CA &&
(cert.extKeyUsage & KEYUSE_KEY_CERT_SIGN) == 0) {
/* Intermediate CA certs are required to have the keyCertSign
* extension set. User loaded root certs are not. */
CYASSL_MSG(" Doesn't have key usage certificate signing");
ret = NOT_CA_ERROR;
}
/* Intermediate CA certs are required to have the keyCertSign
* extension set. User loaded root certs are not. */
CYASSL_MSG(" Doesn't have key usage certificate signing");
ret = NOT_CA_ERROR;
}
#endif
else if (ret == 0 && AlreadySigner(cm, subjectHash)) {
CYASSL_MSG(" Already have this CA, not adding again");
(void)ret;
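Review bot: The new `#ifndef ALLOW_INVALID_CERTSIGN` guard around the keyCertSign branch has no comment stating what a build that defines the flag gives up: the whole `else if` is compiled out, so `AddCA` then accepts as a signer an intermediate CA whose key usage does not include certificate signing, and nothing is logged to show the check was skipped. I would add a comment directly above the `#ifndef`, such as `/* ALLOW_INVALID_CERTSIGN removes the keyCertSign key-usage check on intermediate CAs (required by RFC 5280); define only for interop with known non-conforming certificates */`, so the trade-off is visible at the code rather than only in the commit message. Because the guard sits inside an else-if chain, an `#else` branch with its own `CYASSL_MSG` cannot be placed cleanly here, so the build-configuration documentation for the flag is the place to record the same caveat. `AddCA` begins and ends outside this hunk.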