On Sun, May 18, 2025 at 03:29:50AM -0700, Dan Mahoney wrote:
> Maybe I’m late to the game here, but is there code in OpenSSL or in
> Postfix, that will only let it either present, or accept, a cert that
> has the client EKU as a client certificate?
IIRC OpenSSL will only accept a TLS client certificate if the EKU
extension is missing, or if it includes TLS client authentication.
> (I mean, perhaps this is better asked on postfix-users, I’m sure
> there’s overlap between here and there).
The check is in OpenSSL.
--
Viktor.
_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
