httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dirk-Willem van Gulik <>
Subject Re: Server Gated Certs (Was: TLS renegotiation attack, mod_ssl and OpenSSL)
Date Fri, 06 Nov 2009 02:21:42 GMT
Dirk-Willem van Gulik wrote:

> Actually Steve - you may know - what besides the obvious
> extendedKeyUsage=nsSGC,msSGC
> in the extension file needs to go into a sub-ca below a
> self-signed-root-chain to make the browsers dance ? Or have they
> hardcoded in some specific CA or similar ? Or is there a test case in
> opnessl which is useful here ? As that would let us do decent tests script.

Hmm - just found

which seems to be one of the few places on the web; which suggest that 
sepcial tagging in the browser is happening on a per-CA level.

Is that indeed the case. That would suggest that we do need the help of 
a CA to do proper testing.


View raw message