Geoffrey Keating wrote:
>
> A typical macOS system will have many issued certs, typically with at
> most one that will work for any particular web site or web API. So
> the filter is somewhat important for client certs to work there in any
> kind of user-friendly way. In particular if the server provides no
> guidance, the UI will ask the user, presenting a dialog containing
> many certificates the user is not aware they have, leading to complete
> user confusion.

In the past, Safari on Mac entirely ignored the server-asserted contents of certificate_authorities in the TLS CertificateRequest handshake message, and would offer *all* possible client certs to the user. Has this bug been fixed in Safari? I remember customer messages where clients were refused that were erroneously sending AppleID client certs...

-Martin

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
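
The filtering discussed in this thread, as an added example that is not part of either message or of any client's code: it reads certificate_authorities from a TLS 1.2 CertificateRequest body (RFC 5246 layout) and keeps only the client certificates whose chain names one of the listed issuers. The DN helper, sample names, labels and byte-exact DN comparison are assumptions made for the illustration.

```python
import struct

def _der_dn(cn):
    """Constructed sample: DER Name holding a single CN (short names only)."""
    v = cn.encode()
    atv = b"\x30" + bytes([7 + len(v)]) + b"\x06\x03\x55\x04\x03\x0c" + bytes([len(v)]) + v
    rdn = b"\x31" + bytes([len(atv)]) + atv
    return b"\x30" + bytes([len(rdn)]) + rdn

def build_request(dns):
    """Constructed CertificateRequest body: rsa_sign, sha256/rsa, then the CA list."""
    cas = b"".join(struct.pack("!H", len(d)) + d for d in dns)
    return b"\x01\x01" + b"\x00\x02\x04\x01" + struct.pack("!H", len(cas)) + cas

def parse_certificate_authorities(body):
    """Return the DER DistinguishedNames listed in a CertificateRequest body."""
    try:
        pos = 1 + body[0]                                  # certificate_types<1..2^8-1>
        pos += 2 + struct.unpack_from("!H", body, pos)[0]  # supported_signature_algorithms
        (ca_len,) = struct.unpack_from("!H", body, pos)    # certificate_authorities
    except (IndexError, struct.error):
        raise ValueError("truncated CertificateRequest") from None
    pos += 2
    end = pos + ca_len
    if end != len(body):
        raise ValueError("certificate_authorities length does not match body")
    names = []
    while pos < end:
        if end - pos < 2:
            raise ValueError("truncated DistinguishedName")
        (n,) = struct.unpack_from("!H", body, pos)
        pos += 2
        if n == 0 or pos + n > end:
            raise ValueError("bad DistinguishedName length")
        names.append(body[pos:pos + n])
        pos += n
    return names

def select_client_certs(candidates, acceptable):
    """candidates: (label, [issuer DNs along the chain]). An empty CA list is
    no guidance, so every candidate stays and the user has to choose."""
    if not acceptable:
        return [label for label, _ in candidates]
    allowed = set(acceptable)  # assumption: byte-exact DER match, no DN normalization
    return [label for label, chain in candidates if allowed.intersection(chain)]

# Constructed sample data (hypothetical CA names and labels).
CORP, OTHER = _der_dn("Example Corp Client CA"), _der_dn("Example Device Identity CA")
CANDIDATES = [("corp-vpn", [CORP]), ("device-id", [OTHER])]
```

A client that skips `select_client_certs` behaves like the empty-list case for every server, which is the behaviour the reply describes.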