/**
 * Return the description string for an extended key usage (EKU) OID.
 *
 * The only lookup performed is oid_get_extended_key_usage(), so an OID
 * that this lookup rejects has no description here.
 *
 * @param oid  OID buffer to look up; handed unchanged to
 *             oid_get_extended_key_usage().
 *
 * @return The string stored by oid_get_extended_key_usage() when it
 *         returns 0, otherwise NULL. Callers must check for NULL before
 *         using the result.
 */
const char *x509_oid_get_description( x509_buf *oid )
{
    const char *description = NULL;

    if( oid_get_extended_key_usage( oid, &description ) == 0 )
        return( description );

    return( NULL );
}
/**
 * Check whether a certificate's extended key usage (EKU) list contains the
 * expected usage.
 *
 * The check fails closed: a certificate without the EKU extension, or with
 * no matching entry, yields FAILURE. Each entry is compared twice with an
 * exact, case-sensitive strcmp(): first against the string produced by
 * oid_get_extended_key_usage(), then against the numeric form produced by
 * oid_get_numeric_string(). One matching entry is sufficient; remaining
 * entries are not examined and do not restrict the result.
 *
 * @param cert          Certificate to inspect. Dereferenced without a NULL
 *                      check, so the caller must pass a valid certificate.
 * @param expected_oid  Required usage, matched against either form above.
 *                      Passed straight to strcmp(), so it must not be NULL.
 *
 * @return SUCCESS if any EKU entry matches expected_oid, FAILURE otherwise.
 */
result_t x509_verify_cert_eku (x509_crt *cert, const char * const expected_oid)
{
  x509_sequence *entry;

  /* No EKU extension present: nothing can match, so reject. */
  if (0 == (cert->ext_types & EXT_EXTENDED_KEY_USAGE))
    {
      msg (D_HANDSHAKE, "Certificate does not have extended key usage extension");
      return FAILURE;
    }

  msg (D_HANDSHAKE, "Validating certificate extended key usage");

  for (entry = &(cert->ext_key_usage); entry != NULL; entry = entry->next)
    {
      x509_buf *oid = &entry->buf;
      char numeric[1024];
      const char *name;   /* only read when the lookup below returns 0 */

      /* First form: the string reported by the EKU lookup. */
      if (oid_get_extended_key_usage (oid, &name) == 0)
        {
          msg (D_HANDSHAKE, "++ Certificate has EKU (str) %s, expects %s",
               name, expected_oid);
          if (strcmp (expected_oid, name) == 0)
            return SUCCESS;
        }

      /* Second form: the numeric string. Only a positive return is
       * compared; NOTE(review): zero or negative presumably signals an
       * error or an undersized buffer -- confirm against the library. */
      if (oid_get_numeric_string (numeric, sizeof (numeric), oid) > 0)
        {
          msg (D_HANDSHAKE, "++ Certificate has EKU (oid) %s, expects %s",
               numeric, expected_oid);
          if (strcmp (expected_oid, numeric) == 0)
            return SUCCESS;
        }
    }

  return FAILURE;
}