<-- back to the mailing list

implementing client certificate support

Sean Conner sean at conman.org

Tue Jun 9 22:13:35 BST 2020

- - - - - - - - - - - - - - - - - - - 

It was thus said that the Great Tadeusz Sosnierz once stated:

2020-06-09 22:59 GMT+02:00 Sean Conner<sean at conman.org>:
Just saying "bad certificate" isn't actionable enough for the user. Why
is it bad? Has it expired? Rejected? What? I NEED TO KNOW!
Isn't that something that could go in the "meta" part of the response, or
the content itself?

It could, but what does it mean when I get back "ní ghlactar le deimhniú","diúltaíodh deimhniú sa todhchaí", or "diúltaíodh deimhniú caite"? Noteveryone speaks English and a numeric response is unambiguous.

The specificness of 6x codes is something I find quite puzzling,
especially considering how carefully select the other codes are.
Especially 64. When does that even come into play?

Time skew between the client and server on a freshly minted certificate.

(Oh, and hi everyone; I'm new here, so excuse my perhaps silly questions :))

Hello, and no, your questions aren't silly.

-spc