If I have a customized callback method in my NSS server app, where I do some cert checks above and beyond the regular NSS checks, and I now have a new reason for rejecting the incoming client cert, but how can I make that new reason available to the CLIENT (ie, the peer on the other end of the connection)?
I have a situation now where my server app rejects the client cert because of reason X (NSS thought it was good but my server app has extra requirements). However the client gets a rather generic message: "(-12225) SSL peer does not support certificates of the type it received" It would be nice if the client got a more accurate reason, ie. the real reason X... -- Patrick
