Comments (3)
chris2511
commented on August 19, 2024
I don't like this implicit behavior.
- If you want a certificate without extensions, you'll get it.
- For self-signed HTTPS server certificates, the CA:TRUE is not the best choice.
What may be a good help for inexperienced users and a safety net for the hasty ones:
Check the Basic Constraints when clicking OK. Warn if they are undefined while proposing to apply the extensions of one of the default templates and allow to continue the rollout without basic constraints or get back to the input fields to configure them.
There are already a lot of such sanity-checks in NewX509::accept() and this would be another one.
from xca.
monnerat
commented on August 19, 2024
This was just a suggestion, but the warning you describe is also a good idea :-)
Xca is so complete it is not always evident (although there are already many gard rails) for a beginner that needs a simple certificate to chose the proper options.
For self-signed HTTPS server certificates, the CA:TRUE is not the best choice.
Well... AFAICR, I have seen long ago (but I don't remember where) a cert chain checking code that always requires a signer to be a CA, even for a single self-signed cert.
from xca.
monnerat
commented on August 19, 2024
Tested: OK
Thanks.
Since there are additional messages, please feel free to ask me if you want another translation round before release.
from xca.
Related Issues (20)
- permanent processor load / stucked instances as background process HOT 2
- Docker image HOT 1
- Problems exporting PKCS#12 HOT 1
- Exporting private keys with MacOS doesn't work HOT 9
- XCA cannot properly access a YubiHSM2 (login issues maybe) HOT 8
- New XCA v2.6.0 - It's not in English HOT 10
- XCA version 2.6.0 very slow (Win 10) HOT 1
- XCA 2.5.0 & 2.6.0 very slow HOT 12
- pfx certificate cannot be imported in ios and macos: incorrect password
- XCA 2.6 on macOS - mySQL ODBC issue HOT 3
- What's wrong with hohnstaedt.de HOT 1
- XCA 2.6.0 gui language bug under macOS HOT 8
- Can't connect remote database
- export certificate: error using child folder
- Disorder in displaying Persian words that are links HOT 5
- Error in compiling code in linux HOT 2
- issues with icons in gnome dock
- Missing option to disable file association in Windows setup
- No available SQL option HOT 2
- Implement full command-line support for XCA HOT 4
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from xca.