diff options
Diffstat (limited to 'src/lib/libcrypto/x509v3/v3_purp.c')
| -rw-r--r-- | src/lib/libcrypto/x509v3/v3_purp.c | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/src/lib/libcrypto/x509v3/v3_purp.c b/src/lib/libcrypto/x509v3/v3_purp.c index 867699b26f..8aecd00e63 100644 --- a/src/lib/libcrypto/x509v3/v3_purp.c +++ b/src/lib/libcrypto/x509v3/v3_purp.c | |||
| @@ -362,6 +362,8 @@ static int ca_check(const X509 *x) | |||
| 362 | else return 0; | 362 | else return 0; |
| 363 | } else { | 363 | } else { |
| 364 | if((x->ex_flags & V1_ROOT) == V1_ROOT) return 3; | 364 | if((x->ex_flags & V1_ROOT) == V1_ROOT) return 3; |
| 365 | /* If key usage present it must have certSign so tolerate it */ | ||
| 366 | else if (x->ex_flags & EXFLAG_KUSAGE) return 3; | ||
| 365 | else return 2; | 367 | else return 2; |
| 366 | } | 368 | } |
| 367 | } | 369 | } |
| @@ -380,7 +382,7 @@ static int check_ssl_ca(const X509 *x) | |||
| 380 | if(ca_ret != 2) return ca_ret; | 382 | if(ca_ret != 2) return ca_ret; |
| 381 | else return 0; | 383 | else return 0; |
| 382 | } | 384 | } |
| 383 | 385 | ||
| 384 | 386 | ||
| 385 | static int check_purpose_ssl_client(const X509_PURPOSE *xp, const X509 *x, int ca) | 387 | static int check_purpose_ssl_client(const X509_PURPOSE *xp, const X509 *x, int ca) |
| 386 | { | 388 | { |
| @@ -446,7 +448,7 @@ static int check_purpose_smime_sign(const X509_PURPOSE *xp, const X509 *x, int c | |||
| 446 | int ret; | 448 | int ret; |
| 447 | ret = purpose_smime(x, ca); | 449 | ret = purpose_smime(x, ca); |
| 448 | if(!ret || ca) return ret; | 450 | if(!ret || ca) return ret; |
| 449 | if(ku_reject(x, KU_DIGITAL_SIGNATURE)) return 0; | 451 | if(ku_reject(x, KU_DIGITAL_SIGNATURE|KU_NON_REPUDIATION)) return 0; |
| 450 | return ret; | 452 | return ret; |
| 451 | } | 453 | } |
| 452 | 454 | ||