[cups.bugs] [MOD] STR #2225: CDSA SSL certificate selection improvements

jlovell.apple jlovell at apple.com
Tue Jan 30 16:09:08 PST 2007


DO NOT REPLY TO THIS MESSAGE.  INSTEAD, POST ANY RESPONSES TO THE LINK BELOW.

[STR New]

The current CDSA SSL support just grabs the first certificate it finds
which is wrong -- a certificate needs to have the extended key usage (EKU)
ssl bit set and it's common name has to match the local address the client
connected to. The attached patch fixes this by using the
SecIdentitySearchCreateWithPolicy() SPI that was added to Tiger (10.4).

Comments?

Thanks!

Link: http://www.cups.org/str.php?L2225
Version: 1.3-current
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: cdsa-sll.patch
URL: <https://lists.cups.org/pipermail/cups/attachments/20070130/4bf450fd/attachment.ksh>


More information about the cups mailing list