Add support for verifying certificate chain with EKU

briansmith / webpki

WebPKI X.509 Certificate Validation in Rust

https://briansmith.org/rustdoc/webpki/

Other

464 stars 166 forks source link

Add support for verifying certificate chain with EKU #244

Open xiaoyuxlu opened 3 years ago

xiaoyuxlu commented 3 years ago

There is a use case(spdm) where Certificate Extended Key Usage(EKU) Oid is customized, and EndCertEntity is used to verify certificate chain with customized EKU. But the current EndCertEntity does not expose the verify function with eku. So I made a patch to expose a function called verify_is_valid_cert_with_eku for EndCertEntity.

What do you think of this? Any chance we can see add this API in webpki?

jyao1 commented 2 years ago

@briansmith, would you please review this patch to see if there is any comment?