diff options
author | Adriaan de Jong <dejong@fox-it.com> | 2011-06-29 14:20:43 +0200 |
---|---|---|
committer | David Sommerseth <davids@redhat.com> | 2011-10-21 14:51:45 +0200 |
commit | 876752aed66a143295d9d0d4e61dc9a8beca2f5e (patch) | |
tree | 8e189e7bed3ded23b11903aac8798d309fc05d7b /ssl_verify_backend.h | |
parent | 06d22777e9172efe3b3dc15c1bc2c6ef5d292cfa (diff) | |
download | openvpn-876752aed66a143295d9d0d4e61dc9a8beca2f5e.tar.gz openvpn-876752aed66a143295d9d0d4e61dc9a8beca2f5e.tar.xz openvpn-876752aed66a143295d9d0d4e61dc9a8beca2f5e.zip |
Refactored key usage verification code
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>
Diffstat (limited to 'ssl_verify_backend.h')
-rw-r--r-- | ssl_verify_backend.h | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/ssl_verify_backend.h b/ssl_verify_backend.h index 6f0e54e..9b88f71 100644 --- a/ssl_verify_backend.h +++ b/ssl_verify_backend.h @@ -154,4 +154,17 @@ void setenv_x509 (struct env_set *es, int cert_depth, x509_cert_t *cert); */ bool verify_nsCertType(const x509_cert_t *cert, const int usage); +/* + * Verify X.509 key usage extension field. + * + * @param cert Certificate to check. + * @param expected_ku Array of valid key usage values + * @param expected_len Length of the key usage array + * + * @return \c true if one of the key usage values matches, \c false + * if key usage is not enabled, or the values do not match. + */ +bool verify_cert_ku (x509_cert_t *x509, const unsigned * const expected_ku, + int expected_len); + #endif /* SSL_VERIFY_BACKEND_H_ */ |