From 063f1f0c693a10aab6a7227df15d4120ed824856 Mon Sep 17 00:00:00 2001
From: "Dr. Stephen Henson" <steve@openssl.org>
Date: Tue, 1 Sep 2015 17:48:05 +0100
Subject: [PATCH] functions to retrieve certificate flags

Reviewed-by: Rich Salz <rsalz@openssl.org>
---
 crypto/x509v3/v3_purp.c  | 22 ++++++++++++++++++++++
 include/openssl/x509v3.h |  5 +++++
 2 files changed, 27 insertions(+)

diff --git a/crypto/x509v3/v3_purp.c b/crypto/x509v3/v3_purp.c
index 1f9296a930..13c512050b 100644
--- a/crypto/x509v3/v3_purp.c
+++ b/crypto/x509v3/v3_purp.c
@@ -841,3 +841,25 @@ int X509_check_akid(X509 *issuer, AUTHORITY_KEYID *akid)
     }
     return X509_V_OK;
 }
+
+uint32_t X509_get_extension_flags(X509 *x)
+{
+    X509_check_purpose(x, -1, -1);
+    return x->ex_flags;
+}
+
+uint32_t X509_get_key_usage(X509 *x)
+{
+    X509_check_purpose(x, -1, -1);
+    if (x->ex_flags & EXFLAG_KUSAGE)
+        return x->ex_kusage;
+    return UINT32_MAX;
+}
+
+uint32_t X509_get_extended_key_usage(X509 *x)
+{
+    X509_check_purpose(x, -1, -1);
+    if (x->ex_flags & EXFLAG_XKUSAGE)
+        return x->ex_xkusage;
+    return UINT32_MAX;
+}
diff --git a/include/openssl/x509v3.h b/include/openssl/x509v3.h
index a46ec5d741..19fcb39883 100644
--- a/include/openssl/x509v3.h
+++ b/include/openssl/x509v3.h
@@ -696,6 +696,11 @@ int X509_supported_extension(X509_EXTENSION *ex);
 int X509_PURPOSE_set(int *p, int purpose);
 int X509_check_issued(X509 *issuer, X509 *subject);
 int X509_check_akid(X509 *issuer, AUTHORITY_KEYID *akid);
+
+uint32_t X509_get_extension_flags(X509 *x);
+uint32_t X509_get_key_usage(X509 *x);
+uint32_t X509_get_extended_key_usage(X509 *x);
+
 int X509_PURPOSE_get_count(void);
 X509_PURPOSE *X509_PURPOSE_get0(int idx);
 int X509_PURPOSE_get_by_sname(char *sname);
-- 
2.25.1