Patrick Rauscher

Any update here?

@jpic @mpasternak Is there anything I could support you with the release? Especially #157 was a quite relevant change for us and we would like to use it properly :)

@jpic sorry to annoy, but is there a way to support you for a new release?

My excerpt from https://www.rfc-editor.org/rfc/rfc8550#section-4.4 would be: * SHOULD NOT contain basicConstraints (per RFC 5280) * if key Usage extension is present, MUST allow digitalSignature and/or nonRepudiation (if extensions is not...

Not sure about the CA constraints either, from our company-certificate they include EMAIL_PROTECTION in EKU, but not sure if this is required. From [this stackexchange-post](https://security.stackexchange.com/questions/194283/root-ca-with-extended-key-usage-fields) I read that its application...

For the subjectAlternativeName constraint we probably need to receive the mail address as a parameter of `pkcs7_x509_extension_policies`. After reading https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.6 I'd suggest something along the following: ```python def pkcs7_x509_extension_policies(mail_address: str):...

@nitneuqr Is there anything I could do to support in this case?

Thanks for your work, I'll see what I get. From my point of view, there are 4 cases left to cover, all in `pkcs7.py`: 1. `88->exit`: A certificate with a...

@alex Not sure if I understood your comment correctly, but #13371 and #13372 are now two separate PRs. Surely, #13372 fails tests now as #13371 must be merged prior. Please...

Thanks @briantist - this seems way more likely. I drafted #13376 for this purpose and will close #13371 and #13372 soon. After the merge of #13376 this PR can be...