Howard Chu writes: >Hallvard B Furuseth wrote: >> Still, I don't know why that makes it possible to store such a cert, >> since certs are binary. > > He said it is *not* possible to store.
Sorry, typo. > Certs are binary, but their subject and issuer DNs are still validated > before they're accepted; it's required for the certificateMatch filter > to work. > >> You could file an ITS with a request for support, > > You've just said in the previous paragraph that such support would be > fragile, so what exactly do you expect us to do here? Not support any decode/encode, since that's what is fragile. [So I've quoted your reply to why not.] -- Hallvard
