- Allow command line --key-usage to be more restrictive than the

usage given by the certificate (pkcs12) git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@1036 c6295689-39f2-0310-b995-f0e70906c6a9
2003-04-17 09:39:09 +00:00 · 2003-04-17 09:39:09 +00:00 · 93edc07115
parent f08a12f108
commit 93edc07115
1 changed files with 11 additions and 2 deletions
--- a/src/tools/pkcs15-init.c
+++ b/src/tools/pkcs15-init.c
@ -497,13 +497,22 @@ do_store_private_key(struct sc_profile *profile)
 	if (ncerts) {
 		/* If the user requested a specific key usage on the
 		 * command line check if it includes _more_
-		 * usage bits than the one specified by the cert */
+		 * usage bits than the one specified by the cert,
+		 * and complain if it does.
+		 * If the usage specified on the command line
+		 * is more restrictive, use that.
+		 */
 		if (~cert[0]->ex_kusage & opt_x509_usage) {
 			fprintf(stderr,
 			    "Warning: requested key usage incompatible with "
 			    "key usage specified by X.509 certificate\n");
 		}
-		args.x509_usage = cert[0]->ex_kusage;
+
+		if (opt_x509_usage) {
+			args.x509_usage = opt_x509_usage;
+		} else {
+			args.x509_usage = cert[0]->ex_kusage;
+		}
 	}

 	r = sc_pkcs15init_store_private_key(p15card, profile, &args, NULL);