From: Dr. Stephen Henson Date: Tue, 1 Sep 2015 16:48:05 +0000 (+0100) Subject: functions to retrieve certificate flags X-Git-Tag: OpenSSL_1_1_0-pre1~745 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=063f1f0c693a10aab6a7227df15d4120ed824856;p=oweals%2Fopenssl.git functions to retrieve certificate flags Reviewed-by: Rich Salz --- diff --git a/crypto/x509v3/v3_purp.c b/crypto/x509v3/v3_purp.c index 1f9296a930..13c512050b 100644 --- a/crypto/x509v3/v3_purp.c +++ b/crypto/x509v3/v3_purp.c @@ -841,3 +841,25 @@ int X509_check_akid(X509 *issuer, AUTHORITY_KEYID *akid) } return X509_V_OK; } + +uint32_t X509_get_extension_flags(X509 *x) +{ + X509_check_purpose(x, -1, -1); + return x->ex_flags; +} + +uint32_t X509_get_key_usage(X509 *x) +{ + X509_check_purpose(x, -1, -1); + if (x->ex_flags & EXFLAG_KUSAGE) + return x->ex_kusage; + return UINT32_MAX; +} + +uint32_t X509_get_extended_key_usage(X509 *x) +{ + X509_check_purpose(x, -1, -1); + if (x->ex_flags & EXFLAG_XKUSAGE) + return x->ex_xkusage; + return UINT32_MAX; +} diff --git a/include/openssl/x509v3.h b/include/openssl/x509v3.h index a46ec5d741..19fcb39883 100644 --- a/include/openssl/x509v3.h +++ b/include/openssl/x509v3.h @@ -696,6 +696,11 @@ int X509_supported_extension(X509_EXTENSION *ex); int X509_PURPOSE_set(int *p, int purpose); int X509_check_issued(X509 *issuer, X509 *subject); int X509_check_akid(X509 *issuer, AUTHORITY_KEYID *akid); + +uint32_t X509_get_extension_flags(X509 *x); +uint32_t X509_get_key_usage(X509 *x); +uint32_t X509_get_extended_key_usage(X509 *x); + int X509_PURPOSE_get_count(void); X509_PURPOSE *X509_PURPOSE_get0(int idx); int X509_PURPOSE_get_by_sname(char *sname);