What makes a certificate invalid?
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Fri Dec 11 17:23:03 CET 2009
On 12/10/2009 07:49 PM, Daniel Kahn Gillmor wrote:
> I'm sure someone else can come up with possible ways i've missed that a
> certificate could be invalid ;)
i thought of another way this morning:
10) if the certificate contains an X.509v3 extension that is marked
"critical" that it does not know how to process, it MUST reject the
certificate:
http://tools.ietf.org/html/rfc5280#section-4.2.1.10
hth,
--dkg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 891 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20091211/e2b2716f/attachment.pgp>
More information about the Gnutls-help
mailing list