Commit 34a16d96 authored by Nathan Heldt-Sheller's avatar Nathan Heldt-Sheller

[IOT-3203] keyUsage digitalSignature bit

Per CR 2611, CA and SubCA Certificates may (or may not) include
the keyUsage "digitalSignature" bit.  This change removes that
bit from the list of disallowed bits.

Change-Id: Ib70b838518bf2375be7b4ade9b5ab9d98cb397e9
Signed-off-by: Nathan Heldt-Sheller's avatarNathan Heldt-Sheller <nathan.heldt-sheller@intel.com>
parent 10633e8e
......@@ -58,8 +58,7 @@ static const unsigned int s_eeNonKeyUsage = MBEDTLS_X509_KU_NON_REPUDIATION |
static const unsigned int s_caKeyUsage = MBEDTLS_X509_KU_KEY_CERT_SIGN |
MBEDTLS_X509_KU_CRL_SIGN;
static const unsigned int s_caNonKeyUsage = MBEDTLS_X509_KU_DIGITAL_SIGNATURE |
MBEDTLS_X509_KU_NON_REPUDIATION |
static const unsigned int s_caNonKeyUsage = MBEDTLS_X509_KU_NON_REPUDIATION |
MBEDTLS_X509_KU_KEY_ENCIPHERMENT |
MBEDTLS_X509_KU_DATA_ENCIPHERMENT |
MBEDTLS_X509_KU_KEY_AGREEMENT |
......@@ -200,7 +199,7 @@ CertProfileViolations ValidateEndEntityCertProfile(const mbedtls_x509_crt *cert)
// OCF requirements exist for the following extensions, but w/o mbedTLS support
// * check for certificate policies, if present must be 1.3.6.1.4.1.51414.0.1.1
// * cRL Distributiojn Points
// * cRL Distribution Points
if (NULL == cert)
{
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment