Recognize Step-Up/SGC EKUs as being TLS certificates

alex · Feb 2, 2016 · dbf6ef2 · dbf6ef2
1 parent af78282
commit dbf6ef2
Showing 1 changed file with 6 additions and 1 deletion.
diff --git a/lib/certlint/cablint.rb b/lib/certlint/cablint.rb
@@ -202,7 +202,12 @@ def self.lint(der)
         end
       end
 
-      if eku.empty? || eku.include?('TLS Web Server Authentication') || eku.include?('Any Extended Key Usage')
+      # So many ways to indicate an in-scope certificate
+      if eku.empty? || \
+          eku.include?('TLS Web Server Authentication') || \
+          eku.include?('Any Extended Key Usage') || \
+          eku.include?('Netscape Server Gated Crypto') || \
+          eku.include?('Microsoft Server Gated Crypto')
         messages << 'I: TLS Server certificate identified'
         cert_type_identified = true
         # OK, we have a "SSL" certificate