On 10/07/2009 02:04 AM, Kyle Hamilton:
> There is absolutely *NO*
> requirement that the client send a currently-valid certificate, and
> it's up to the server to detect that.

Errrr, btw, that's not entirely correct because the client does perform many checks. Obviously SHOULD the client send something which is not within the list of accepted certificates or SHOULD the client send an expired certificate, it's indeed the server's task to detect that and return an appropriate response. The point is that in 99.9% of all cases Firefox makes a decision before sending anything. Some versions of Explorer (maybe all) pop up the certificates list dialog, which is empty in that case. Same result, except in that case the user might guess that it couldn't choose anything, hence there might be something missing.

--
Regards

Signer:  Eddy Nigg, StartCom Ltd.
XMPP:    start...@startcom.org
Blog:    http://blog.startcom.org/
Twitter: http://twitter.com/eddy_nigg

--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto