Re: [Openvpn-users] nsCertType - non standard that noone else uses?

[Alon Bar-Lev <alon.barlev@xxxxxxxxx>]

James Yonan wrote:
> On Tue, 8 Nov 2005, Jon Bendtsen wrote:
>
>
> > Hi
> >
> > According to those that make my certificate management system, EJBCA,
> > noone uses 		nsCertType		any more. It has been replaced by a
> > standard, RFC3280,
> > 	http://www.ietf.org/rfc/rfc3280.txt?number=3280
> >
> > See section "extended key usage",
> >
> > "  id-kp-serverAuth             OBJECT IDENTIFIER ::= { id-kp 1 }
> >    -- TLS WWW server authentication
> >    -- Key usage bits that may be consistent: digitalSignature,
> >    -- keyEncipherment or keyAgreement
> >
> >    id-kp-clientAuth             OBJECT IDENTIFIER ::= { id-kp 2 }
> >    -- TLS WWW client authentication
> >    -- Key usage bits that may be consistent: digitalSignature
> >    -- and/or keyAgreement"
> > >
>
> -------------------------------------------------------
> SF.Net email is sponsored by:
> Tame your development challenges with Apache's Geronimo App Server. Download
> it for free - -and be entered to win a 42" plasma tv or your very own
> Sony(tm)PSP.  Click here to play: http://sourceforge.net/geronimo.php
> _______________________________________________
> Openvpn-users mailing list
> Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
> https://lists.sourceforge.net/lists/listinfo/openvpn-users

> > Okay, so it is not written to be used for a VPN, but surely OpenVPN
> > could interpretate those fields as server and client as with the old
> > nsCertType ?
>
>
> I'd be happy to include a patch for this, if someone would care to write
> it.
>
> James

It bothered me too...
I will do it during week-end.
Alon.