trust: Respect anyExtendedKeyUsage in CA certificates

author: Daiki Ueno <dueno@redhat.com> 2017-08-18 17:26:30 +0200
committer: Daiki Ueno <ueno@gnu.org> 2017-10-02 10:34:18 +0200
commit: 00b829d50389c6a8dd25145355a8e6599a7c378a (patch)
tree: da1fd60c9ffc8b0c0946e22ee2e88692a7b7766e /trust/enumerate.c
parent: f51ab92f5f81bd08bcf9bd3b0afc545684a6ea7e (diff)
1 files changed, 5 insertions, 0 deletions
diff --git a/trust/enumerate.c b/trust/enumerate.c
index 731fadc..9b43b9b 100644
--- a/trust/enumerate.c
+++ b/trust/enumerate.c
@@ -374,6 +374,11 @@ on_iterate_load_filter (p11_kit_iter *iter,
 	if (ex->limit_to_purposes && ex->purposes) {
 		*matches = CK_FALSE;
 		for (i = 0; i < ex->purposes->num; i++) {
+			if (strcmp (ex->purposes->elem[i], P11_OID_ANY_EXTENDED_KEY_USAGE_STR) == 0) {
+				p11_debug ("anyExtendedKeyUsage is set, skipping filtering by purposes");
+				*matches = CK_TRUE;
+				break;
+			}
 			if (p11_dict_get (ex->limit_to_purposes, ex->purposes->elem[i])) {
 				*matches = CK_TRUE;
 				break;
author	Daiki Ueno <dueno@redhat.com>	2017-08-18 17:26:30 +0200
committer	Daiki Ueno <ueno@gnu.org>	2017-10-02 10:34:18 +0200
commit	00b829d50389c6a8dd25145355a8e6599a7c378a (patch)
tree	da1fd60c9ffc8b0c0946e22ee2e88692a7b7766e /trust/enumerate.c
parent	f51ab92f5f81bd08bcf9bd3b0afc545684a6ea7e (diff)