Re: Question about pathlen extension checked

2011-09-19 Thread Robert Relyea
On 09/18/2011 03:15 AM, Ralph Holz (TUM) wrote: Hi, does NSS check the pathlength extension in an issuing certificate? yes. I am particularly wondering if pathlen:0 is honoured. According to the spec, which means no limit. NSS limits the size of the total chain to prevent loop attacks, so

RE: Question about pathlen extension checked

2011-09-19 Thread Ryan Sleevi
On 09/18/2011 03:15 AM, Ralph Holz (TUM) wrote: Hi, does NSS check the pathlength extension in an issuing certificate? yes. I am particularly wondering if pathlen:0 is honoured. According to the spec, which means no limit. NSS limits the size of the total chain to prevent loop

Re: Question about pathlen extension checked

2011-09-19 Thread Eddy Nigg
On 09/19/2011 08:34 PM, From Robert Relyea: If you really want pathlen of '0', then just set the isCA bit to FALSE ;). Well well NSS (or PSM) doesn't even accept an end user certificate with CA=TRUE as we found out recently. And that's very good IMO. -- Regards Signer: Eddy Nigg,

Re: Question about pathlen extension checked

2011-09-19 Thread Nelson B Bolyard
On 2011/09/18 03:15 PDT, Ralph Holz (TUM) wrote: does NSS check the pathlength extension in an issuing certificate? I am particularly wondering if pathlen:0 is honoured. Yes and Yes. NSS 3.12 claims compliance with RFC 3280. -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org

Re: JSS SSLSocket problems choosing Client Certificates

2011-09-19 Thread Nelson B Bolyard
On 2011/09/07 09:38 PDT, praspa wrote: I'm trying to make two separate HTTPS requests to a remote host using two client sockets and two different client certificates respectively (client cert A and B). [...] From my host, I'm able to make two connections on two different sockets to the