From 00b829d50389c6a8dd25145355a8e6599a7c378a Mon Sep 17 00:00:00 2001
From: Daiki Ueno <dueno@redhat.com>
Date: Fri, 18 Aug 2017 17:26:30 +0200
Subject: trust: Respect anyExtendedKeyUsage in CA certificates

---
 trust/enumerate.c | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'trust/enumerate.c')

diff --git a/trust/enumerate.c b/trust/enumerate.c
index 731fadc..9b43b9b 100644
--- a/trust/enumerate.c
+++ b/trust/enumerate.c
@@ -374,6 +374,11 @@ on_iterate_load_filter (p11_kit_iter *iter,
 	if (ex->limit_to_purposes && ex->purposes) {
 		*matches = CK_FALSE;
 		for (i = 0; i < ex->purposes->num; i++) {
+			if (strcmp (ex->purposes->elem[i], P11_OID_ANY_EXTENDED_KEY_USAGE_STR) == 0) {
+				p11_debug ("anyExtendedKeyUsage is set, skipping filtering by purposes");
+				*matches = CK_TRUE;
+				break;
+			}
 			if (p11_dict_get (ex->limit_to_purposes, ex->purposes->elem[i])) {
 				*matches = CK_TRUE;
 				break;
-- 
cgit v1.1