pike.git / lib / modules / Standards.pmod / X509.pmod

version» Context lines:

pike.git/lib/modules/Standards.pmod/X509.pmod:42:   protected enum keyUsage {    digitalSignature = 1<<0,    nonRepudiation = 1<<1,    keyEncipherment = 1<<2,    dataEncipherment = 1<<3,    keyAgreement = 1<<4,    keyCertSign = 1<<5,    cRLSign = 1<<6,    encipherOnly = 1<<7,    decipherOnly = 1<<8, +  last_keyUsage = 1<<9, // end marker   };      // Generates the reverse int for keyUsage.   protected BitString build_keyUsage(keyUsage i)   {    string v = "";    int pos=7, char;       while(i)    {
pike.git/lib/modules/Standards.pmod/X509.pmod:1243:       // id-ce-keyUsage is required.    crit[.PKCS.Identifiers.ce_ids.keyUsage]=0;    if( !(tbs->ext_keyUsage & keyCertSign) )    {    DBG("verify ca: id-ce-keyUsage doesn't allow keyCertSign.\n");    return 0;    }    // FIXME: RFC 5759 also requires CRLSign set.    if( tbs->ext_keyUsage & -  (~(keyCertSign | cRLSign | digitalSignature | nonRepudiation)&0xffff) ) +  (~(keyCertSign | cRLSign | digitalSignature | +  nonRepudiation)&(last_keyUsage-1)) )    {    DBG("verify ca: illegal CA uses in id-ce-keyUsage.\n");    return 0;    }       // FIXME: In addition RFC 5759 requires policyMappings,    // policyConstraints and inhibitAnyPolicy to be processed in    // accordance with RFC 5280.       // One or more critical extensions have not been processed.