Re: JSS SSLSocket problems choosing Client Certificates

2011-09-19 Thread Nelson B Bolyard
On 2011/09/07 09:38 PDT, praspa wrote: > > I'm trying to make two separate HTTPS requests to a remote host using two > client sockets and two different client certificates respectively (client > cert A and B). [...] > From my host, I'm able to make two connections on two different sockets to > th

Re: Question about pathlen extension checked

2011-09-19 Thread Nelson B Bolyard
On 2011/09/18 03:15 PDT, Ralph Holz (TUM) wrote: > does NSS check the pathlength extension in an issuing certificate? I am > particularly wondering if pathlen:0 is honoured. Yes and Yes. NSS 3.12 claims compliance with RFC 3280.

Re: Question about pathlen extension checked

2011-09-19 Thread Eddy Nigg
On 09/19/2011 08:34 PM, From Robert Relyea: If you really want pathlen of '0', then just set the isCA bit to FALSE;). Well well, NSS (or PSM) doesn't even accept an end user certificate with CA=TRUE as we found out recently. And that's very good IMO. -- Regards Signer: Eddy Nigg, Start

RE: Question about pathlen extension checked

2011-09-19 Thread Ryan Sleevi
> > On 09/18/2011 03:15 AM, Ralph Holz (TUM) wrote: > > Hi, > > > > does NSS check the pathlength extension in an issuing certificate? > yes. > > I am particularly wondering if pathlen:0 is honoured. > According to the spec, which means no limit. NSS limits the size of the > total chain to preve

Re: Question about pathlen extension checked

2011-09-19 Thread Robert Relyea
On 09/18/2011 03:15 AM, Ralph Holz (TUM) wrote: Hi, does NSS check the pathlength extension in an issuing certificate? yes. I am particularly wondering if pathlen:0 is honoured. According to the spec, which means no limit. NSS limits the size of the total chain to prevent loop attacks, so i