xku_reject
if (xku_reject(x, XKU_SSL_CLIENT))
if (xku_reject(x, XKU_SSL_SERVER | XKU_SGC))
if (xku_reject(x, XKU_SMIME))
