diff options
| author | René Korthaus <[email protected]> | 2016-08-09 15:44:29 +0200 |
|---|---|---|
| committer | René Korthaus <[email protected]> | 2016-08-17 20:26:12 +0200 |
| commit | deef8ba63860efb14c45c5ee1cba2a3faaf8a719 (patch) | |
| tree | 8b065f777b1f0949fafc3645216f118ec25318e2 /src/lib | |
| parent | 422e1891987b4aec7019282a623ebf57c79e7866 (diff) | |
Fix allowed_usage() and add tests for key usage
Diffstat (limited to 'src/lib')
| -rw-r--r-- | src/lib/cert/x509/key_constraint.cpp | 2 | ||||
| -rw-r--r-- | src/lib/cert/x509/x509cert.cpp | 2 |
2 files changed, 2 insertions, 2 deletions
diff --git a/src/lib/cert/x509/key_constraint.cpp b/src/lib/cert/x509/key_constraint.cpp index 137c42144..f10105f91 100644 --- a/src/lib/cert/x509/key_constraint.cpp +++ b/src/lib/cert/x509/key_constraint.cpp @@ -29,7 +29,7 @@ Key_Constraints find_constraints(const Public_Key& pub_key, if(name == "RSA" || name == "RW" || name == "NR" || name == "DSA" || name == "ECDSA" || name == "ECGDSA" || name == "ECKCDSA") - constraints |= DIGITAL_SIGNATURE | NON_REPUDIATION; + constraints |= DIGITAL_SIGNATURE | NON_REPUDIATION | KEY_CERT_SIGN | CRL_SIGN; if(limits) constraints &= limits; diff --git a/src/lib/cert/x509/x509cert.cpp b/src/lib/cert/x509/x509cert.cpp index 110014f0e..20a4bca25 100644 --- a/src/lib/cert/x509/x509cert.cpp +++ b/src/lib/cert/x509/x509cert.cpp @@ -258,7 +258,7 @@ bool X509_Certificate::allowed_usage(Key_Constraints usage) const { if(constraints() == NO_CONSTRAINTS) return true; - return ((constraints() & usage) != 0); + return ((constraints() & usage) == usage); } bool X509_Certificate::allowed_extended_usage(const std::string& usage) const |