Hello,Currently, /check_purpose_ssl_client/ calls /ns_reject /with the flag NS_SSL_CLIENT:
*if(ns_reject(x, NS_SSL_CLIENT)) return 0;*Because of that, if a certificate has Netscape "S/MIME" bit set, but not "SSL Client", certificate validation fails. Shouldn't the S/MIME bit considered sufficient on its own in client certificates? In this case the call should be:
*if(ns_reject(x, (NS_SSL_CLIENT | NS_SMIME))) return 0;*/
/Regards, Michael/ /
