From e01af7367dfb14a76767c7bfb8763e5a705822c1 Mon Sep 17 00:00:00 2001
From: Michael Brown
Date: Mon, 14 May 2012 14:09:52 +0100
Subject: [crypto] Parse OCSPSigning key purpose, if present

Signed-off-by: Michael Brown <mcb30@ipxe.org>
---
 src/include/ipxe/asn1.h | 7 +++++++
 src/include/ipxe/x509.h | 1 +
 2 files changed, 8 insertions(+)

(limited to 'src/include/ipxe')

diff --git a/src/include/ipxe/asn1.h b/src/include/ipxe/asn1.h
index 222e32ece..cd5c3306d 100644
--- a/src/include/ipxe/asn1.h
+++ b/src/include/ipxe/asn1.h
@@ -176,6 +176,13 @@ struct asn1_cursor {
 	ASN1_OID_SINGLE ( 5 ), ASN1_OID_SINGLE ( 7 ),		\
 	ASN1_OID_SINGLE ( 48 ), ASN1_OID_SINGLE ( 1 )
 
+/** ASN.1 OID for id-kp-OCSPSigning (1.3.6.1.5.5.7.3.9) */
+#define ASN1_OID_OCSPSIGNING					\
+	ASN1_OID_INITIAL ( 1, 3 ), ASN1_OID_SINGLE ( 6 ),	\
+	ASN1_OID_SINGLE ( 1 ), ASN1_OID_SINGLE ( 5 ),		\
+	ASN1_OID_SINGLE ( 5 ), ASN1_OID_SINGLE ( 7 ),		\
+	ASN1_OID_SINGLE ( 3 ), ASN1_OID_SINGLE ( 9 )
+
 /** Define an ASN.1 cursor containing an OID */
 #define ASN1_OID_CURSOR( oid_value ) {				\
 		.data = oid_value,				\
diff --git a/src/include/ipxe/x509.h b/src/include/ipxe/x509.h
index 8b1dda25f..6dc31b45e 100644
--- a/src/include/ipxe/x509.h
+++ b/src/include/ipxe/x509.h
@@ -119,6 +119,7 @@ struct x509_extended_key_usage {
  */
 enum x509_extended_key_usage_bits {
 	X509_CODE_SIGNING = 0x0001,
+	X509_OCSP_SIGNING = 0x0002,
 };
 
 /** X.509 certificate OCSP responder */
-- 
cgit v1.2.3-55-g7522