Dr Stephen Henson wrote:
There are two separate types used by Mozilla (Step up?) and Microsoft SSL/TLS
(SGC?) implementations IIRC. One completes the handshake then starts a new
session; the second cuts it halfway through.
Been many years since I looked at those though. I recall having to alter the
state machine to accommodate the Microsoft flavour. (Checks code, yes look for
SGC comments in there)
Actually Steve - you may know - what besides the obvious
extendedKeyUsage=nsSGC,msSGC
in the extension file needs to go into a sub-ca below a
self-signed-root-chain to make the browsers dance? Or have they
hardcoded in some specific CA or similar? Or is there a test case in
openssl which is useful here? As that would let us do a decent test script.
Thanks,
Dw