Refactored: Netscape certificate type verification

Signed-off-by: Adriaan de Jong <dejong@fox-it.com> Acked-by: James Yonan <james@openvpn.net> Signed-off-by: David Sommerseth <davids@redhat.com>
author: Adriaan de Jong <dejong@fox-it.com> 2011-06-30 13:51:16 +0200
committer: David Sommerseth <davids@redhat.com> 2011-10-21 14:51:45 +0200
commit: 06d22777e9172efe3b3dc15c1bc2c6ef5d292cfa (patch)
tree: 84a5685bb717b30e73743b9d81a670f78d0ac878 /ssl_verify_openssl.c
parent: fe100528c780548c21d664d1c14b37cbfd4c3e0f (diff)
download: openvpn-06d22777e9172efe3b3dc15c1bc2c6ef5d292cfa.tar.gz
openvpn-06d22777e9172efe3b3dc15c1bc2c6ef5d292cfa.tar.xz
openvpn-06d22777e9172efe3b3dc15c1bc2c6ef5d292cfa.zip
1 files changed, 15 insertions, 0 deletions
diff --git a/ssl_verify_openssl.c b/ssl_verify_openssl.c
index 417e5d7..033af1d 100644
--- a/ssl_verify_openssl.c
+++ b/ssl_verify_openssl.c
@@ -377,3 +377,18 @@ setenv_x509 (struct env_set *es, int cert_depth, x509_cert_t *peer_cert)
       OPENSSL_free (buf);
     }
 }
+
+bool
+verify_nsCertType(const x509_cert_t *peer_cert, const int usage)
+{
+  if (usage == NS_CERT_CHECK_NONE)
+    return true;
+  if (usage == NS_CERT_CHECK_CLIENT)
+    return ((peer_cert->ex_flags & EXFLAG_NSCERT)
+	&& (peer_cert->ex_nscert & NS_SSL_CLIENT));
+  if (usage == NS_CERT_CHECK_SERVER)
+    return ((peer_cert->ex_flags & EXFLAG_NSCERT)
+	&& (peer_cert->ex_nscert & NS_SSL_SERVER));
+
+  return false;
+}
author	Adriaan de Jong <dejong@fox-it.com>	2011-06-30 13:51:16 +0200
committer	David Sommerseth <davids@redhat.com>	2011-10-21 14:51:45 +0200
commit	06d22777e9172efe3b3dc15c1bc2c6ef5d292cfa (patch)
tree	84a5685bb717b30e73743b9d81a670f78d0ac878 /ssl_verify_openssl.c
parent	fe100528c780548c21d664d1c14b37cbfd4c3e0f (diff)
download	openvpn-06d22777e9172efe3b3dc15c1bc2c6ef5d292cfa.tar.gz openvpn-06d22777e9172efe3b3dc15c1bc2c6ef5d292cfa.tar.xz openvpn-06d22777e9172efe3b3dc15c1bc2c6ef5d292cfa.zip