On 24/01/2013 11:13 a.m., Tsantilas Christos wrote:
> There are cases where the generated certificates do not mimic enough
> properties and secure connection with the client fails. For example,
> Squid does not mimic Key Usage extensions. Clients using GnuTLS (or
> similar libraries that validate server certificate using those
> extensions) fail to secure the connection with Squid.
>
> This patch add mimicking for the following extensions, which are
> considered as safe to mimic:
> * X509v3 Key Usage
> * X509v3 Extended Key Usage,
> * X509v3 Basic Constraints CA.
>
> We would be happy to add more "safe to mimic" extensions if users
> request (and vouch for) them.
>
> This is a Measurement Factory project
>
> Regards,
> Christos
+1. So long as they are safe. The code looks okay anyway.
Amos
Received on Thu Jan 24 2013 - 02:43:43 MST
This archive was generated by hypermail 2.2.0 : Thu Jan 24 2013 - 12:00:08 MST