Add matching on EKU, validate EKUs, add hxtool matching glue, add check. Adapted from pach from Tim Miller of Mitre

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@22538 ec53bebd-3082-4978-b11e-865c3cabbd6b
2008-01-27 13:05:47 +00:00
parent f2a273e1a3
commit 0ff6dbc8bb
8 changed files with 142 additions and 10 deletions
--- a/lib/hx509/hxtool.c
+++ b/lib/hx509/hxtool.c
@@ -885,6 +885,17 @@ query(struct query_options *opt, int argc, char **argv)
    if (opt->friendlyname_string)
 	hx509_query_match_friendly_name(q, opt->friendlyname_string);

+    if (opt->eku_string) {
+	heim_oid oid;
+
+	parse_oid(opt->eku_string, NULL, &oid);
+
+	ret = hx509_query_match_eku(q, &oid);
+	if (ret)
+	    errx(1, "hx509_query_match_eku: %d", ret);
+	der_free_oid(&oid);
+    }
+
    if (opt->private_key_flag)
 	hx509_query_match_option(q, HX509_QUERY_OPTION_PRIVATE_KEY);