In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] says... > Henrik, > > Henrik Gemal wrote: > > How does Mozilla select certificates to show to a webserver when the > > server asks for a certificate? > > The web server firstsends Mozilla a list of valid CA certificates from > which it will accept client cert. >
Although a server sending an empty list is strictly speaking illegal in SSL/TLS some implementations will tolerate it and interpret it as "any CA". No idea if Mozilla does though... Steve. -- Dr Stephen N. Henson. Core developer of the OpenSSL project: http://www.openssl.org/ Freelance consultant see: http://www.drh-consultancy.demon.co.uk/ Email: [EMAIL PROTECTED], PGP key: via homepage.