Update OCSP

2026-06-29 17:23:38 +08:00 · 2026-06-19 11:56:45 +08:00
parent 12aeed4986
commit 47c9fa8e4f
11 changed files with 302 additions and 28 deletions
--- a/src/x509_ext.c
+++ b/src/x509_ext.c
@@ -1381,6 +1381,7 @@ int x509_key_usage_check(int bits, int cert_type)
 		break;
 	case X509_cert_server_auth:
 	case X509_cert_client_auth:
+	case X509_cert_ocsp_signing:
 		if (!(bits & X509_KU_DIGITAL_SIGNATURE)) {
 			error_print();
 			return -1;
@@ -2170,6 +2171,7 @@ int x509_basic_constraints_check(int ca, int path_len_constraint, int cert_type)
 	case X509_cert_client_auth:
 	case X509_cert_server_key_encipher:
 	case X509_cert_client_key_encipher:
+	case X509_cert_ocsp_signing:
 		if (ca > 0 || path_len_constraint != -1) {
 			error_print();
 			return -1;
@@ -2613,6 +2615,11 @@ int x509_ext_key_usage_check(const int *oids, size_t oids_cnt, int cert_type)
 				return 1;
 			}
 			break;
+		case X509_cert_ocsp_signing:
+			if (oids[i] == OID_kp_ocsp_signing) {
+				return 1;
+			}
+			break;

 		default:
 			error_print();