commit 7afb8a0dca4036a118b62eac170575415d2350c2
author Manuel Pégourié-Gonnard <mpg@elzevir.fr> Thu Apr 10 17:53:56 2014 +0200
committer Manuel Pégourié-Gonnard <mpg@elzevir.fr> Fri Apr 11 11:09:00 2014 +0200
tree 20b4e753d62c6d33f366b67ed446e9727a725d10
parent d6ad8e949b3dce716601ea269e095db1b617533a

Add x509_crt_check_extended_key_usage()

include/polarssl/x509_crt.h

diff --git a/include/polarssl/x509_crt.h b/include/polarssl/x509_crt.h
index 93340ec..8e63381 100644
--- a/include/polarssl/x509_crt.h
+++ b/include/polarssl/x509_crt.h
@@ -264,6 +264,24 @@
 int x509_crt_check_key_usage( const x509_crt *crt, int usage );
 #endif /* POLARSSL_X509_CHECK_KEY_USAGE) */
 
+#if defined(POLARSSL_X509_CHECK_EXTENDED_KEY_USAGE)
+/**
+ * \brief          Check usage of certificate against extentedJeyUsage.
+ *
+ * \param crt      Leaf certificate used.
+ * \param usage_oid Intended usage (eg OID_SERVER_AUTH or OID_CLIENT_AUTH).
+ * \param usage_len Length of usage_oid (eg given by OID_SIZE()).
+ *
+ * \return         0 is this use of the certificate is allowed,
+ *                 POLARSSL_ERR_X509_BAD_INPUT_DATA if not.
+ *
+ * \note           Usually only makes sense on leaf certificates.
+ */
+int x509_crt_check_extended_key_usage( const x509_crt *crt,
+                                       const char *usage_oid,
+                                       size_t usage_len );
+#endif /* POLARSSL_X509_CHECK_EXTENDED_KEY_USAGE) */
+
 #if defined(POLARSSL_X509_CRL_PARSE_C)
 /**
  * \brief          Verify the certificate revocation status