From 063f1f0c693a10aab6a7227df15d4120ed824856 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Tue, 1 Sep 2015 17:48:05 +0100 Subject: [PATCH] functions to retrieve certificate flags Reviewed-by: Rich Salz --- crypto/x509v3/v3_purp.c | 22 ++++++++++++++++++++++ include/openssl/x509v3.h | 5 +++++ 2 files changed, 27 insertions(+) diff --git a/crypto/x509v3/v3_purp.c b/crypto/x509v3/v3_purp.c index 1f9296a930..13c512050b 100644 --- a/crypto/x509v3/v3_purp.c +++ b/crypto/x509v3/v3_purp.c @@ -841,3 +841,25 @@ int X509_check_akid(X509 *issuer, AUTHORITY_KEYID *akid) } return X509_V_OK; } + +uint32_t X509_get_extension_flags(X509 *x) +{ + X509_check_purpose(x, -1, -1); + return x->ex_flags; +} + +uint32_t X509_get_key_usage(X509 *x) +{ + X509_check_purpose(x, -1, -1); + if (x->ex_flags & EXFLAG_KUSAGE) + return x->ex_kusage; + return UINT32_MAX; +} + +uint32_t X509_get_extended_key_usage(X509 *x) +{ + X509_check_purpose(x, -1, -1); + if (x->ex_flags & EXFLAG_XKUSAGE) + return x->ex_xkusage; + return UINT32_MAX; +} diff --git a/include/openssl/x509v3.h b/include/openssl/x509v3.h index a46ec5d741..19fcb39883 100644 --- a/include/openssl/x509v3.h +++ b/include/openssl/x509v3.h @@ -696,6 +696,11 @@ int X509_supported_extension(X509_EXTENSION *ex); int X509_PURPOSE_set(int *p, int purpose); int X509_check_issued(X509 *issuer, X509 *subject); int X509_check_akid(X509 *issuer, AUTHORITY_KEYID *akid); + +uint32_t X509_get_extension_flags(X509 *x); +uint32_t X509_get_key_usage(X509 *x); +uint32_t X509_get_extended_key_usage(X509 *x); + int X509_PURPOSE_get_count(void); X509_PURPOSE *X509_PURPOSE_get0(int idx); int X509_PURPOSE_get_by_sname(char *sname); -- 2.25.1