mirror of
https://github.com/Mbed-TLS/mbedtls.git
synced 2026-04-06 20:46:32 +02:00
There is an existing Mbed TLS API to check whether the ExtendedKeyUsage extension allows an operation. However, this API succeeds when the extension is not present in the certificate. In the case of authorised signers for OCSP responses, the certificate MUST have the extension AND the OCSPSigning field set to be accepted. This commit creates the new function mbedtls_x509_crt_check_extended_key_usage_ext() which is a version of mbedtls_x509_crt_check_extended_key_usage() that returns an error code if the extension is not present in the certificate in question.
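A self-contained model of the difference the commit message describes, added here as an example and not taken from Mbed TLS: `model_cert`, `model_check_eku()`, `model_check_eku_ext()` and the `MODEL_*` codes are hypothetical stand-ins for the library's types and functions, and the three sample certificates are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Simplified, hypothetical model of a parsed certificate (not mbedtls_x509_crt). */
typedef struct {
    int has_eku;                   /* is the ExtendedKeyUsage extension present? */
    const unsigned char *eku[2];   /* KeyPurposeId OIDs listed in the extension */
    size_t eku_len[2];
    size_t eku_count;
} model_cert;

/* DER content bytes of id-kp-OCSPSigning (1.3.6.1.5.5.7.3.9) and id-kp-serverAuth (1.3.6.1.5.5.7.3.1). */
static const unsigned char OID_OCSP_SIGNING[] = {0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x09};
static const unsigned char OID_SERVER_AUTH[]  = {0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x01};

enum { MODEL_OK = 0, MODEL_ERR_NOT_ALLOWED = -1, MODEL_ERR_NO_EXT = -2 };

static int eku_lists(const model_cert *c, const unsigned char *oid, size_t len)
{
    for (size_t i = 0; i < c->eku_count; i++)
        if (c->eku_len[i] == len && memcmp(c->eku[i], oid, len) == 0)
            return 1;
    return 0;
}

/* Lenient check: an absent extension passes, as the commit message says of the existing API. */
int model_check_eku(const model_cert *c, const unsigned char *oid, size_t len)
{
    if (!c->has_eku) return MODEL_OK;
    return eku_lists(c, oid, len) ? MODEL_OK : MODEL_ERR_NOT_ALLOWED;
}

/* Strict check: the extension must be present AND list the requested usage. */
int model_check_eku_ext(const model_cert *c, const unsigned char *oid, size_t len)
{
    if (!c->has_eku) return MODEL_ERR_NO_EXT;
    return eku_lists(c, oid, len) ? MODEL_OK : MODEL_ERR_NOT_ALLOWED;
}

/* Constructed samples: no EKU extension, serverAuth only, OCSPSigning. */
const model_cert CERT_NO_EKU = {0, {0}, {0}, 0};
const model_cert CERT_SERVER = {1, {OID_SERVER_AUTH}, {sizeof OID_SERVER_AUTH}, 1};
const model_cert CERT_OCSP   = {1, {OID_OCSP_SIGNING}, {sizeof OID_OCSP_SIGNING}, 1};

int main(void)
{
    printf("no EKU, lenient: %d\n", model_check_eku(&CERT_NO_EKU, OID_OCSP_SIGNING, sizeof OID_OCSP_SIGNING));
    printf("no EKU, strict:  %d\n", model_check_eku_ext(&CERT_NO_EKU, OID_OCSP_SIGNING, sizeof OID_OCSP_SIGNING));
    return 0;
}
```

Only the certificate without the extension is treated differently by the two checks; a certificate that carries the extension but lacks OCSPSigning is rejected by both.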