>Well this could have been controlled in the certificates themselves by
>including an extended key usage extension to allow client authentication or
>email protection. Then a savvy browser wouldn't present the wrong certificate
>type.

I have noticed that the cert I don't want to show up has the following
extended key usage:

  Smart Card Logon (1.3.6.1.4.1.311.20.2.2)
  Secure Email (1.3.6.1.5.5.7.3.4)
  Client Authentication (1.3.6.1.5.5.7.3.2)

While the one I want to show up has no extended key usage.

How does/can SSL/TLS use OID 2 5 29 37 (or any other extension for that
matter)? Or were you implying a browser customization?

Netscape and IE present them both, I thought, because they are both of the
RSA-sign type.

regards,
tt
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]