On 12/10/2009 07:49 PM, Daniel Kahn Gillmor wrote: > I'm sure someone else can come up with possible ways i've missed that a > certificate could be invalid ;)
i thought of another way this morning: 10) if the certificate contains an X.509v3 extension that is marked "critical" that it does not know how to process, it MUST reject the certificate: http://tools.ietf.org/html/rfc5280#section-4.2.1.10 hth, --dkg
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Help-gnutls mailing list [email protected] http://lists.gnu.org/mailman/listinfo/help-gnutls
