
Minimum requirements for client certificates

Solderpunk solderpunk at posteo.net

Mon Aug 31 17:44:06 BST 2020

- - - - - - - - - - - - - - - - - - - 

I think it goes without saying that at the absolute minimum a Gemini client certificate ought to be a valid x509 certificate. I did look into this at some stage and IIRC the Issuer needs to be non-empty but the Subject does not. If that is indeed the case, then I'm not sure we should mandate anything further. As makeworld said, such certificates might not be suitable for particular applications which make use of the Subject. I guess the appropriate server response there would be 61? 62 doesn't seem to apply since the certificate is technically valid. But this does make the "CERTIFICATE NOT AUTHORISED" name for 61 misleading. Perhaps it ought to be "CERTIFICATE NOT ACCEPTED"?

Cheers,
Solderpunk