From e01af7367dfb14a76767c7bfb8763e5a705822c1 Mon Sep 17 00:00:00 2001
From: Michael Brown
Date: Mon, 14 May 2012 14:09:52 +0100
Subject: [crypto] Parse OCSPSigning key purpose, if present

Signed-off-by: Michael Brown <mcb30@ipxe.org>
---
 src/crypto/x509.c | 8 ++++++++
 1 file changed, 8 insertions(+)

(limited to 'src/crypto')

diff --git a/src/crypto/x509.c b/src/crypto/x509.c
index dc8745dce..a86609340 100644
--- a/src/crypto/x509.c
+++ b/src/crypto/x509.c
@@ -518,6 +518,9 @@ static int x509_parse_key_usage ( struct x509_certificate *cert,
 /** "id-kp-codeSigning" object identifier */
 static uint8_t oid_code_signing[] = { ASN1_OID_CODESIGNING };
 
+/** "id-kp-OCSPSigning" object identifier */
+static uint8_t oid_ocsp_signing[] = { ASN1_OID_OCSPSIGNING };
+
 /** Supported key purposes */
 static struct x509_key_purpose x509_key_purposes[] = {
 	{
@@ -525,6 +528,11 @@ static struct x509_key_purpose x509_key_purposes[] = {
 		.bits = X509_CODE_SIGNING,
 		.oid = ASN1_OID_CURSOR ( oid_code_signing ),
 	},
+	{
+		.name = "ocspSigning",
+		.bits = X509_OCSP_SIGNING,
+		.oid = ASN1_OID_CURSOR ( oid_ocsp_signing ),
+	},
 };
 
 /**
-- 
cgit v1.2.3-55-g7522