In a recent attempt to add missing extended key usage pieces, I noticed
that the OCSPSigning extended key usage was not fully implemented. It is
perfectly possible that I am not fully cognizant of how the code works,
and it is properly implemented. It is, however, clearly not documented.
The attached patch adds the bits that to my relatively uneducated eye
are missing for OCSPSigning extended key usage, including the missing
documentation update.
Micah
diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h
index fe46624..e2345fb 100644
--- a/crypto/objects/obj_dat.h
+++ b/crypto/objects/obj_dat.h
@@ -175,3 +175,4 @@ static const unsigned char lvalues[5824]={
0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x03, /* [666] OBJ_code_sign */
0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x04, /* [674] OBJ_email_protect */
0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x08, /* [682] OBJ_time_stamp */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x09, /* [682] OBJ_OSCPSigning */
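Review bot: the offset comment on the added line repeats [682], the offset already used by OBJ_time_stamp on the line above. An 8-byte encoding placed after an 8-byte entry at 682 starts at 690, so the comment should read [690], and every entry after this insertion point moves by 8. The name is also spelled OSCPSigning here where objects.h in this same patch uses OCSP_sign, so please pick one spelling (OCSP). Finally, the hunk header shows the array declared as lvalues[5824]; nothing visible in the patch raises that size to make room for the 8 added bytes.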
@@ -1091,3 +1090,4 @@ static const ASN1_OBJECT nid_objs[NUM_NID]={
{"emailProtection","E-mail Protection",NID_email_protect,8,
&(lvalues[674]),0},
{"timeStamping","Time Stamping",NID_time_stamp,8,&(lvalues[682]),0},
+{"OSCPSigning", "OSCP Signing",NID_OSCPSigning,8,&(lvalues[683]),0},
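Review bot: the added entry points at &(lvalues[683]), which is one byte into the timeStamping encoding (8 bytes starting at 682), so the object would resolve to the wrong bytes. It also disagrees with the [682] comment on the bytes added in the lvalues hunk. If the new encoding follows timeStamping it should be &(lvalues[690]). The entry also uses NID_OSCPSigning, which this patch never defines: objects.h adds NID_OCSP_sign, so this will not compile as posted. The strings "OSCPSigning" and "OSCP Signing" likewise differ from SN_OCSP_sign and LN_OCSP_sign, so the name in the documentation hunk would not match this table entry. The hunk header (-1091,3 +1090,4) has a new-file start lower than the old one even though an earlier hunk in the same file added a line, which suggests the diff was edited by hand and may not apply.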
diff --git a/crypto/objects/objects.h b/crypto/objects/objects.h
index bd0ee52..191c895 100644
--- a/crypto/objects/objects.h
+++ b/crypto/objects/objects.h
@@ -714,3 +714,7 @@
#define NID_time_stamp 133
#define OBJ_time_stamp OBJ_id_kp,8L
+#define SN_OCSP_sign "OCSPSigning"
+#define LN_OCSP_sign "OCSP Signing"
+#define NID_OCSP_sign 180
+#define OBJ_OCSP_sign OBJ_id_kp,9L
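Review bot: NID_OCSP_sign is set to 180, but the corresponding nid_objs entry in the obj_dat.h hunk is inserted directly after timeStamping, whose NID is 133. If nid_objs[NUM_NID] is indexed by NID, the entry has to sit at index 180 rather than after 133, and NUM_NID has to cover it. The visible context also does not show that 180 is unused, so please confirm it does not collide with an existing NID. The OBJ_id_kp,9L value agrees with the trailing 0x09 byte added to lvalues, so that part is consistent.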
diff --git a/doc/apps/x509v3_config.pod b/doc/apps/x509v3_config.pod
index 0450067..e138eb3 100644
--- a/doc/apps/x509v3_config.pod
+++ b/doc/apps/x509v3_config.pod
@@ -115,3 +115,4 @@ following PKIX, NS and MS values are meaningful:
codeSigning Code signing.
emailProtection E-mail Protection (S/MIME).
timeStamping Trusted Timestamping
+ OCSPSigning OCSP Signing
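Review bot: the documented value OCSPSigning matches SN_OCSP_sign from objects.h, but the nid_objs entry added in obj_dat.h registers the short name as "OSCPSigning", so a config using the name documented here would not match that table entry as patched. Once the spelling is made consistent, the description could also say what the usage is for, in the style of "E-mail Protection (S/MIME)." above; the bare "OCSP Signing" only restates the name.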