const char *x509_oid_get_description( x509_buf *oid )
{
const char *desc = NULL;
int ret;
ret = oid_get_extended_key_usage( oid, &desc );
if( ret != 0 )
return( NULL );
return( desc );
}
result_t
x509_verify_cert_eku (x509_crt *cert, const char * const expected_oid)
{
result_t fFound = FAILURE;
if (!(cert->ext_types & EXT_EXTENDED_KEY_USAGE))
{
msg (D_HANDSHAKE, "Certificate does not have extended key usage extension");
}
else
{
x509_sequence *oid_seq = &(cert->ext_key_usage);
msg (D_HANDSHAKE, "Validating certificate extended key usage");
while (oid_seq != NULL)
{
x509_buf *oid = &oid_seq->buf;
char oid_num_str[1024];
const char *oid_str;
if (0 == oid_get_extended_key_usage( oid, &oid_str ))
{
msg (D_HANDSHAKE, "++ Certificate has EKU (str) %s, expects %s",
oid_str, expected_oid);
if (!strcmp (expected_oid, oid_str))
{
fFound = SUCCESS;
break;
}
}
if (0 < oid_get_numeric_string( oid_num_str,
sizeof (oid_num_str), oid))
{
msg (D_HANDSHAKE, "++ Certificate has EKU (oid) %s, expects %s",
oid_num_str, expected_oid);
if (!strcmp (expected_oid, oid_num_str))
{
fFound = SUCCESS;
break;
}
}
oid_seq = oid_seq->next;
}
}
return fFound;
}
