crypto/krb5/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c

2557

if (!ku_reject(reqctx->received_cert,

crypto/krb5/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c

4754

if (!ku_reject(x, X509v3_KU_DIGITAL_SIGNATURE))

crypto/krb5/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c

4756

if (!ku_reject(x, X509v3_KU_KEY_ENCIPHERMENT))

crypto/openssl/crypto/x509/v3_purp.c

1032

if (ku_reject(issuer, KU_DIGITAL_SIGNATURE))

crypto/openssl/crypto/x509/v3_purp.c

1034

} else if (ku_reject(issuer, KU_KEY_CERT_SIGN)) {

crypto/openssl/crypto/x509/v3_purp.c

696

if (ku_reject(x, KU_KEY_CERT_SIGN))

crypto/openssl/crypto/x509/v3_purp.c

760

if (ku_reject(x, KU_DIGITAL_SIGNATURE | KU_KEY_AGREEMENT))

crypto/openssl/crypto/x509/v3_purp.c

786

if (ku_reject(x, KU_TLS))

crypto/openssl/crypto/x509/v3_purp.c

800

return ku_reject(x, KU_KEY_ENCIPHERMENT) ? 0 : ret;

crypto/openssl/crypto/x509/v3_purp.c

835

return ku_reject(x, KU_DIGITAL_SIGNATURE | KU_NON_REPUDIATION) ? 0 : ret;

crypto/openssl/crypto/x509/v3_purp.c

845

return ku_reject(x, KU_KEY_ENCIPHERMENT) ? 0 : ret;

crypto/openssl/crypto/x509/v3_purp.c

856

return !ku_reject(x, KU_CRL_SIGN);