Re-thinking about this a bit more, OpenSSL doesn't do any key-usage verification of things when it does signatures. So I am closing this ticket.

As a work-around, verifying the signature and usage of the signed data maybe? (If someone wants to do a PR to fix this, great.)

--
Rich Salz, OpenSSL dev team; rsalz at openssl.org
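
One way to apply the work-around mentioned above, as an added example (not OpenSSL code and not part of the original message): check the signer certificate's keyUsage yourself before trusting a signature. It assumes the Python `cryptography` package, an ECDSA signer, and that "usage" means the keyUsage digitalSignature bit; the helper names and the test certificates are constructed for illustration.

```python
import datetime
from cryptography import x509
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import NameOID

ECDSA_SHA256 = ec.ECDSA(hashes.SHA256())

def make_cert(key, digital_signature):
    """Constructed self-signed test certificate with a chosen keyUsage."""
    name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, "constructed signer")])
    start = datetime.datetime(2024, 1, 1)
    usage = x509.KeyUsage(
        digital_signature=digital_signature, content_commitment=False,
        key_encipherment=False, data_encipherment=False,
        key_agreement=not digital_signature,  # keep at least one bit set
        key_cert_sign=False, crl_sign=False,
        encipher_only=False, decipher_only=False)
    return (x509.CertificateBuilder()
            .subject_name(name).issuer_name(name)
            .public_key(key.public_key())
            .serial_number(x509.random_serial_number())
            .not_valid_before(start)
            .not_valid_after(start + datetime.timedelta(days=365))
            .add_extension(usage, critical=True)
            .sign(key, hashes.SHA256()))

def verify_with_key_usage(cert, signature, data):
    """True only if keyUsage permits signing AND the signature verifies."""
    try:
        usage = cert.extensions.get_extension_for_class(x509.KeyUsage).value
        if not usage.digital_signature:
            return False  # key is not certified for signing data
    except x509.ExtensionNotFound:
        pass  # assumption: an absent keyUsage extension imposes no restriction
    try:
        cert.public_key().verify(signature, data, ECDSA_SHA256)
    except InvalidSignature:
        return False
    return True

def demo():
    key = ec.generate_private_key(ec.SECP256R1())
    data = b"constructed payload"
    sig = key.sign(data, ECDSA_SHA256)
    return (verify_with_key_usage(make_cert(key, True), sig, data),
            verify_with_key_usage(make_cert(key, False), sig, data),
            verify_with_key_usage(make_cert(key, True), sig, b"tampered"))
```

The second case is the one the ticket is about: the signature is mathematically valid, but the certificate does not authorize the key for signing, so the check rejects it.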