When the KeyUsage extension is not here, no restrictions apply on the key

Vincent Hanquez 2014-01-27 09:56:51 +00:00
parent 7d64ffe5a4
commit 47c7243385


@ -59,13 +59,13 @@ credentialsFindForDecrypting (Credentials l) = find forEncrypting l
credentialCanDecrypt :: Credential -> Maybe ()
credentialCanDecrypt (chain, priv) =
case extensionGet (certExtensions cert) of
Nothing -> Nothing
Nothing -> Just ()
Just (ExtKeyUsage flags)
| KeyUsage_keyEncipherment `elem` flags ->
case (pub, priv) of
(PubKeyRSA _, PrivKeyRSA _) -> Just ()
_ -> Nothing
| otherwise -> Nothing
| otherwise -> Nothing
where cert = signedObject $ getSigned signed
pub = certPubKey cert
signed = getCertificateChainLeaf chain
@ -73,7 +73,7 @@ credentialCanDecrypt (chain, priv) =
credentialCanSign :: Credential -> Maybe SignatureAlgorithm
credentialCanSign (chain, priv) =
case extensionGet (certExtensions cert) of
Nothing -> Nothing
Nothing -> getSignatureAlg pub priv
Just (ExtKeyUsage flags)
| KeyUsage_digitalSignature `elem` flags -> getSignatureAlg pub priv
| otherwise -> Nothing
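Review bot: In `credentialCanDecrypt`, the branch for a certificate without a KeyUsage extension (`Nothing -> Just ()`, taken to be the new side since the commit title says so and the +/- markers are lost) skips the key-type match that the `KeyUsage_keyEncipherment` guard performs, so a credential whose key pair is not RSA would be reported as usable for decryption. Treating an absent extension as unrestricted is consistent with RFC 5280, but that lifts only the usage restriction, not the algorithm requirement. I would bind the match once in the `where` clause, `rsaOnly = case (pub, priv) of { (PubKeyRSA _, PrivKeyRSA _) -> Just (); _ -> Nothing }`, and return `rsaOnly` from both the `Nothing` branch and the `keyEncipherment` guard. `credentialCanSign` appears not to have this gap, because its `Nothing` branch makes the same `getSignatureAlg pub priv` call as the guarded branch.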