Patrick Rauscher

I would leave this issue open to document the problem: During POST-Logout, djangosaml2 does not specify its own template but instead relies on the template specified by pysaml2. As this...

Forgot to note: You need to specify the full name (like in buffer_autoclose, where i stole some code). This is $network.$buffer - e.g. Freenode.#spackeria

@spuxx1701 see #405 - I created #1068 to express this in the docs

Not too sure iff `AbstractBaseUser` does have anything to do with it, but one difference between `Permission` and `AbstractUser` is that `Permission` is a direct child of `models.Model`, while `AbstractUser`...

Sorry, I only read now how my comment could be miss-interpreted: I was just speculating iff `AbstractBaseUser` could have anything to do with it, since one difference between `Permission` (lacking...

Additionally to a general "here-be-dragons" `build_custom_verifier`, an `build_smime_verifier` would be great, where EKU for emailProtection etc could be checked. Especially as SMIME Encryption is about to be added, a typical...

Note that #977 aims to remove pyopenssl all together and conflicts with this PR

Looks like the CI-Check failed, but this is attributed to clang C at check_ping, which i did not change - probably this is just a glitch? https://travis-ci.org/monitoring-plugins/monitoring-plugins/jobs/190322786

Just to note it here: The probably only difference between `Policy.client` and a possible `Policy.smime` would probably be to use `EKU_EMAIL_PROTECTION_OID` instead of `EKU_CLIENT_AUTH_OID`.

Not sure if I understand you correctly, but my Idea of the API would be similar to `build_client_verifier`: ```python from pathlib import Path from cryptography import x509 trusted_cas = x509.load_pem_x509_certificates(Path("cacerts.pem").read_bytes())...