Dirk-Willem van Gulik wrote:
Actually Steve - you may know - what besides the obvious
extendedKeyUsage=nsSGC,msSGC
in the extension file needs to go into a sub-ca below a
self-signed-root-chain to make the browsers dance? Or have they
hardcoded in some specific CA or similar? Or is there a test case in
openssl which is useful here? As that would let us do a decent test script.
Hmm - just found
http://www.modssl.org/docs/apachecon2001/slide-010-n.html
which seems to be one of the few places on the web which suggests that
special tagging in the browser is happening on a per-CA level.
Is that indeed the case? That would suggest that we do need the help of
a CA to do proper testing.
Dw.