Support TLS client authentication Extended Key Usage in x509 generation
[strongswan.git] / src / libstrongswan / credentials / certificates / x509.h
index ebe660d..172bd96 100644 (file)
@@ -35,19 +35,21 @@ typedef enum x509_flag_t x509_flag_t;
  */
 enum x509_flag_t {
        /** cert has no constraints */
-       X509_NONE =                        0, 
+       X509_NONE =                             0,
        /** cert has CA constraint */
-       X509_CA =                         (1<<0),
+       X509_CA =                               (1<<0),
        /** cert has AA constraint */
-       X509_AA =                         (1<<1),
+       X509_AA =                               (1<<1),
        /** cert has OCSP signer constraint */
-       X509_OCSP_SIGNER =        (1<<2),
-       /** cert has serverAuth constraint */
-       X509_SERVER_AUTH =        (1<<3),
+       X509_OCSP_SIGNER =              (1<<2),
+       /** cert has serverAuth key usage */
+       X509_SERVER_AUTH =              (1<<3),
+       /** cert has clientAuth key usage */
+       X509_CLIENT_AUTH =              (1<<4),
        /** cert is self-signed */
-       X509_SELF_SIGNED =    (1<<4),
+       X509_SELF_SIGNED =              (1<<5),
        /** cert has an ipAddrBlocks extension */
-       X509_IP_ADDR_BLOCKS = (1<<5),
+       X509_IP_ADDR_BLOCKS =   (1<<6),
 };
 
 /**