-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
Hi,
Easy-RSA is intending to change the default CA X509-type by including
the 'basicConstraint = critical' bit.
New CAs and subCAs will include the following attribute:
X509v3 extensions:
X509v3 Basic Constraints: critical
CA:TRUE
This is due to python requirement VERIFY_X509_STRICT.
While Easy-RSA already provides the option --bc-crit, which adds the
'critical' bit to any new certificate, the folk from python are asking
that this become the absolute default for Easy-RSA CA/subCA certificates.
No objections have been raised so far but we decided to ask, before the
hammer falls, if there are any demonstrable reasons to oppose this change?
Thanks for your feedback.
Richard
Sent with Proton Mail secure email.
-----BEGIN PGP SIGNATURE-----
Version: ProtonMail
wsC5BAEBCgBtBYJpl+1eCRBPl5z2a5C4nUUUAAAAAAAcACBzYWx0QG5vdGF0
aW9ucy5vcGVucGdwanMub3JnV21om81xxRdYHyc9l6aNURKKS1gscL2hAll8
yss3BbgWIQQJvD1EZ6ONcnnFVVVPl5z2a5C4nQAAK+4H/RifVq2nz2JhCqzL
wkztPagxeQfZqOoh4xFPS99nVjHpQKPpxsA4bWLMjy6v+XCN2Chqohv2ij72
mpwXTNiLCKYPp7cFFyXBYzDKuFwV8j3YTkpJLigq91XP1UsZHaqSxu9lmYyN
sQWcRbaLoTfXWKGW99O0jpS6F3k/ec/RqjbBdF6RHhvODuB5/6Nzs3R3ZE0Q
RNWonFVM1cz6bb/gmT0mPbIggCZgEPG2LTWgk3dpnrZyLyeRWK9FGHY5Lzoa
FlGErnRgVLXgbtpoG9wvWkQ8JA1oLGtzVDp3TPRSjcXzqGmOmcnWWpzFMePe
qJAym4YUWBCv5ZYiIlw80RolL98=
=GBkB
-----END PGP SIGNATURE-----
publickey - [email protected] - 0x09BC3D44.asc
Description: application/pgp-keys
publickey - [email protected] - 0x09BC3D44.asc.sig
Description: PGP signature
_______________________________________________ Openvpn-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openvpn-users
