Function esp_idf_svc::sys::mbedtls_x509_crt_check_key_usage

source ยท
pub unsafe extern "C" fn mbedtls_x509_crt_check_key_usage(
    crt: *const mbedtls_x509_crt,
    usage: u32,
) -> i32
Expand description

\brief Check usage of certificate against keyUsage extension.

\param crt Leaf certificate used. \param usage Intended usage(s) (eg MBEDTLS_X509_KU_KEY_ENCIPHERMENT before using the certificate to perform an RSA key exchange).

\note Except for decipherOnly and encipherOnly, a bit set in the usage argument means this bit MUST be set in the certificate. For decipherOnly and encipherOnly, it means that bit MAY be set.

\return 0 is these uses of the certificate are allowed, MBEDTLS_ERR_X509_BAD_INPUT_DATA if the keyUsage extension is present but does not match the usage argument.

\note You should only call this function on leaf certificates, on (intermediate) CAs the keyUsage extension is automatically checked by \c mbedtls_x509_crt_verify().