authorAdriaan de Jong <dejong@fox-it.com>2011-06-29 14:20:43 +0200
committerDavid Sommerseth <davids@redhat.com>2011-10-21 14:51:45 +0200
commit876752aed66a143295d9d0d4e61dc9a8beca2f5e (patch)
tree8e189e7bed3ded23b11903aac8798d309fc05d7b /ssl_verify_backend.h
parent06d22777e9172efe3b3dc15c1bc2c6ef5d292cfa (diff)
Refactored key usage verification code
Signed-off-by: Adriaan de Jong <dejong@fox-it.com> Acked-by: James Yonan <james@openvpn.net> Signed-off-by: David Sommerseth <davids@redhat.com>
Diffstat (limited to 'ssl_verify_backend.h')
-rw-r--r--ssl_verify_backend.h13
1 files changed, 13 insertions, 0 deletions
diff --git a/ssl_verify_backend.h b/ssl_verify_backend.h
index 6f0e54e..9b88f71 100644
--- a/ssl_verify_backend.h
+++ b/ssl_verify_backend.h
@@ -154,4 +154,17 @@ void setenv_x509 (struct env_set *es, int cert_depth, x509_cert_t *cert);
*/
bool verify_nsCertType(const x509_cert_t *cert, const int usage);
+/*
+ * Verify X.509 key usage extension field.
+ *
+ * @param cert Certificate to check.
+ * @param expected_ku Array of valid key usage values
+ * @param expected_len Length of the key usage array
+ *
+ * @return \c true if one of the key usage values matches, \c false
+ * if key usage is not enabled, or the values do not match.
+ */
+bool verify_cert_ku (x509_cert_t *x509, const unsigned * const expected_ku,
+ int expected_len);
+
#endif /* SSL_VERIFY_BACKEND_H_ */
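Review bot: The doc comment for `verify_cert_ku` documents `@param cert`, but the prototype names that parameter `x509`, and unlike `verify_nsCertType` directly above it takes the certificate through a non-const pointer. If the backends only read the certificate (the implementations are not visible from this header), `bool verify_cert_ku (const x509_cert_t *cert, const unsigned * const expected_ku, int expected_len);` would keep the two verification prototypes consistent and make the doc tag match. Because the result of this check decides whether a peer certificate is accepted, the comment should also say what is returned for an empty list, e.g. a line such as `@return ... also \c false when expected_len is zero or negative` once that is confirmed against the backend code. As written, the signed `int` length leaves the zero and negative cases outside the documented contract.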