Add matching on EKU, validate EKUs, add hxtool matching glue, add check. Adapted from pach from Tim Miller of Mitre

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@22538 ec53bebd-3082-4978-b11e-865c3cabbd6b
2008-01-27 13:05:47 +00:00
parent f2a273e1a3
commit 0ff6dbc8bb
8 changed files with 142 additions and 10 deletions
--- a/lib/hx509/hx_locl.h
+++ b/lib/hx509/hx_locl.h
@@ -128,7 +128,8 @@ struct hx509_query_data {
 #define HX509_QUERY_MATCH_FUNCTION		0x080000
 #define HX509_QUERY_MATCH_KEY_HASH_SHA1		0x100000
 #define HX509_QUERY_MATCH_TIME			0x200000
-#define HX509_QUERY_MASK			0x3fffff
+#define HX509_QUERY_MATCH_EKU			0x400000
+#define HX509_QUERY_MASK			0x7fffff
    Certificate *subject;
    Certificate *certificate;
    heim_integer *serial;
@@ -142,6 +143,7 @@ struct hx509_query_data {
    void *cmp_func_ctx;
    heim_octet_string *keyhash_sha1;
    time_t timenow;
+    heim_oid *eku;
 };

 struct hx509_keyset_ops {