Re: [PATCH] Mimic Key Usage and Basic Constraints

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Thu, 24 Jan 2013 15:43:36 +1300

On 24/01/2013 11:13 a.m., Tsantilas Christos wrote:
> There are cases where the generated certificates do not mimic enough
> properties and secure connection with the client fails. For example,
> Squid does not mimic Key Usage extensions. Clients using GnuTLS (or
> similar libraries that validate server certificate using those
> extensions) fail to secure the connection with Squid.
>
> This patch add mimicking for the following extensions, which are
> considered as safe to mimic:
> * X509v3 Key Usage
> * X509v3 Extended Key Usage,
> * X509v3 Basic Constraints CA.
>
> We would be happy to add more "safe to mimic" extensions if users
> request (and vouch for) them.
>
> This is a Measurement Factory project
>
> Regards,
> Christos

+1. So long as they are safe. The code looks okay anyway.

Amos
Received on Thu Jan 24 2013 - 02:43:43 MST

This archive was generated by hypermail 2.2.0 : Thu Jan 24 2013 - 12:00:08 MST