Fabrice Gautier <fabrice.gaut...@gmail.com> writes:

>"Do TLS libraries act strictly on those requirements, or do they leave it to
>the application layers?"
>
>"How do TLS libraries/server applications act when such requirements are not
>respected?"

This has already been discussed in the past, it's not up to TLS to constrain what a CA can do, and more to the point if you've paid a CA a small fortune for a cert you don't want some TLS implementation to reject it because of some minor disagreement over what colour the cert frame is painted. Redde Caesari quae sunt Caesaris, the PKI code decides whether a cert chain is acceptable or not, not the TLS code. Which is exactly what my code does.

Peter.

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls