Diffstat (limited to 'lib/auth_rsa.c')
-rw-r--r--lib/auth_rsa.c17
1 files changed, 17 insertions, 0 deletions
diff --git a/lib/auth_rsa.c b/lib/auth_rsa.c
index d2ad65984e..c21e8ad3f6 100644
--- a/lib/auth_rsa.c
+++ b/lib/auth_rsa.c
@@ -447,6 +447,15 @@ int proc_rsa_certificate(GNUTLS_STATE state, opaque * data, int data_size)
_gnutls_copy_x509_client_auth_info(info, &peer_certificate_list[0], verify);
+ /* This works for the client
+ */
+ if ( peer_certificate_list[0].keyUsage != 0)
+ if ( !(peer_certificate_list[0].keyUsage & X509KEY_KEY_ENCIPHERMENT)) {
+ gnutls_assert();
+ gnutls_free(peer_certificate_list);
+ return GNUTLS_E_X509_KEY_USAGE_VIOLATION;
+ }
+
gnutls_free(peer_certificate_list);
return 0;
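Review bot: The added key-usage check is written as two unbraced nested `if`s (also in the second hunk, in gen_rsa_client_cert_vrfy), which is the dangling-else shape that is easy to break on a later edit; fold it into one braced condition, `if (peer_certificate_list[0].keyUsage != 0 && !(peer_certificate_list[0].keyUsage & X509KEY_KEY_ENCIPHERMENT)) {`. The comment `/* This works for the client */` does not say what is enforced; suggest `/* A keyUsage extension, when present, must permit key encipherment; keyUsage == 0 (no extension) imposes no restriction. */`, so the deliberate skip for certificates without the extension is not later mistaken for a missing check. The check also runs after `_gnutls_copy_x509_client_auth_info` has already recorded the peer certificate into the session's auth info, so on the violation path that info is left populated for a certificate the handshake then rejects; whether callers can observe it after the error is not visible here, but moving the check before the copy would avoid the question. proc_rsa_certificate starts outside the hunk.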
@@ -677,6 +686,14 @@ int gen_rsa_client_cert_vrfy(GNUTLS_STATE state, opaque ** data)
}
}
+ /* If our certificate supports signing
+ */
+ if ( apr_cert_list[0].keyUsage != 0)
+ if ( !(apr_cert_list[0].keyUsage & X509KEY_DIGITAL_SIGNATURE)) {
+ gnutls_assert();
+ return GNUTLS_E_X509_KEY_USAGE_VIOLATION;
+ }
+
if (apr_pkey != NULL) {
if ( (ret=_gnutls_generate_sig( state, apr_pkey, &signature)) < 0) {
gnutls_assert();