diff options
author | Adriaan de Jong <dejong@fox-it.com> | 2011-06-30 13:51:16 +0200 |
---|---|---|
committer | David Sommerseth <davids@redhat.com> | 2011-10-21 14:51:45 +0200 |
commit | 06d22777e9172efe3b3dc15c1bc2c6ef5d292cfa (patch) | |
tree | 84a5685bb717b30e73743b9d81a670f78d0ac878 /ssl_verify_openssl.c | |
parent | fe100528c780548c21d664d1c14b37cbfd4c3e0f (diff) | |
download | openvpn-06d22777e9172efe3b3dc15c1bc2c6ef5d292cfa.tar.gz openvpn-06d22777e9172efe3b3dc15c1bc2c6ef5d292cfa.tar.xz openvpn-06d22777e9172efe3b3dc15c1bc2c6ef5d292cfa.zip |
Refactored: Netscape certificate type verification
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>
Diffstat (limited to 'ssl_verify_openssl.c')
-rw-r--r-- | ssl_verify_openssl.c | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/ssl_verify_openssl.c b/ssl_verify_openssl.c index 417e5d7..033af1d 100644 --- a/ssl_verify_openssl.c +++ b/ssl_verify_openssl.c @@ -377,3 +377,18 @@ setenv_x509 (struct env_set *es, int cert_depth, x509_cert_t *peer_cert) OPENSSL_free (buf); } } + +bool +verify_nsCertType(const x509_cert_t *peer_cert, const int usage) +{ + if (usage == NS_CERT_CHECK_NONE) + return true; + if (usage == NS_CERT_CHECK_CLIENT) + return ((peer_cert->ex_flags & EXFLAG_NSCERT) + && (peer_cert->ex_nscert & NS_SSL_CLIENT)); + if (usage == NS_CERT_CHECK_SERVER) + return ((peer_cert->ex_flags & EXFLAG_NSCERT) + && (peer_cert->ex_nscert & NS_SSL_SERVER)); + + return false; +} |