I'm sure the devs are very good and have checked for this, but I want to make sure.
What steps are taken to verify client certificates? In particular, are validity dates checked? Are X-SSL-* headers from the client stripped? Is there a way to disallow self-signed certs? (ie, only allow certs that my CA has signed.) Thank you, Jamie -- To unsubscribe send an email with subject unsubscribe to [email protected]. Please contact [email protected] for questions.
