On 24/01/2013 11:13 a.m., Tsantilas Christos wrote:
There are cases where the generated certificates do not mimic enough properties and secure connection with the client fails. For example, Squid does not mimic Key Usage extensions. Clients using GnuTLS (or similar libraries that validate server certificate using those extensions) fail to secure the connection with Squid.This patch add mimicking for the following extensions, which are considered as safe to mimic: * X509v3 Key Usage * X509v3 Extended Key Usage, * X509v3 Basic Constraints CA. We would be happy to add more "safe to mimic" extensions if users request (and vouch for) them. This is a Measurement Factory project Regards, Christos
+1. So long as they are safe. The code looks okay anyway. Amos
