Re: [Openvpn-devel] [RFC PATCH v1 05/15] OpenSSL: don't use direct access to the internal of X509

2017-03-04 Thread David Sommerseth
On 04/03/17 16:13, Steffan Karger wrote: > As a last resort, we could consider keeping the old code inside #if > OSSL_VER < 1.1.0 in release/2.4, but that might just create more > confusion... Just a very quick thought here ... I do dislike different behaviours depending on which OpenSSL version b

[Openvpn-devel] [PATCH] Deprecate --ns-cert-type

2017-03-04 Thread Steffan Karger
The nsCertType x509 extension is very old, and barely used. We already have had an alternative for a long time: --remote-cert-tls uses the far more common keyUsage and extendedKeyUsage extensions instead. OpenSSL 1.1 no longer exposes an API to (separately) check the nsCertType x509 extension. Sinc

Re: [Openvpn-devel] [RFC PATCH v1 05/15] OpenSSL: don't use direct access to the internal of X509

2017-03-04 Thread Emmanuel Deloget
Hello, On Sat, Mar 4, 2017 at 4:13 PM, Steffan Karger wrote: > Hi, > > On 02-03-17 22:26, Gert Doering wrote: >> On Thu, Mar 02, 2017 at 09:36:32PM +0100, Steffan Karger wrote: >>> So, what I propose instead is: >>> * remove all the nsCertType code (except the option in add_option()) >>> * upda

Re: [Openvpn-devel] [RFC PATCH v1 05/15] OpenSSL: don't use direct access to the internal of X509

2017-03-04 Thread Steffan Karger
Hi, On 02-03-17 22:26, Gert Doering wrote: > On Thu, Mar 02, 2017 at 09:36:32PM +0100, Steffan Karger wrote: >> So, what I propose instead is: >> * remove all the nsCertType code (except the option in add_option()) >> * update the help strings and man page to indicate that --ns-cert-type >> is n