diff options
author | Jack Lloyd <[email protected]> | 2016-08-29 11:21:36 -0400 |
---|---|---|
committer | Jack Lloyd <[email protected]> | 2016-08-29 11:21:36 -0400 |
commit | a09d2df0885137ea6d7af181e3bcc823412850d8 (patch) | |
tree | 0403860376f19d45167180a71925a3cfc11a1538 /src | |
parent | 2e2e8a274f75e639809e95405d5284bcf095cd3e (diff) |
Fix TLS server cert validation problem GH #611
Fallout from #591
Diffstat (limited to 'src')
-rw-r--r-- | src/lib/cert/x509/x509cert.cpp | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/src/lib/cert/x509/x509cert.cpp b/src/lib/cert/x509/x509cert.cpp index 20a4bca25..cb9b644bc 100644 --- a/src/lib/cert/x509/x509cert.cpp +++ b/src/lib/cert/x509/x509cert.cpp @@ -282,13 +282,13 @@ bool X509_Certificate::allowed_usage(Usage_Type usage) const return true; case Usage_Type::TLS_SERVER_AUTH: - return allowed_usage(Key_Constraints(DATA_ENCIPHERMENT | KEY_ENCIPHERMENT | DIGITAL_SIGNATURE)) && allowed_extended_usage("PKIX.ServerAuth"); + return (allowed_usage(DATA_ENCIPHERMENT) || allowed_usage(KEY_ENCIPHERMENT) || allowed_usage(DIGITAL_SIGNATURE)) && allowed_extended_usage("PKIX.ServerAuth"); case Usage_Type::TLS_CLIENT_AUTH: - return allowed_usage(Key_Constraints(DIGITAL_SIGNATURE | NON_REPUDIATION)) && allowed_extended_usage("PKIX.ClientAuth"); + return (allowed_usage(DIGITAL_SIGNATURE) || allowed_usage(NON_REPUDIATION)) && allowed_extended_usage("PKIX.ClientAuth"); case Usage_Type::OCSP_RESPONDER: - return allowed_usage(Key_Constraints(DIGITAL_SIGNATURE | NON_REPUDIATION)) && allowed_extended_usage("PKIX.OCSPSigning"); + return (allowed_usage(DIGITAL_SIGNATURE) || allowed_usage(NON_REPUDIATION)) && allowed_extended_usage("PKIX.OCSPSigning"); case Usage_Type::CERTIFICATE_AUTHORITY: return is_CA_cert(); |