Transport/StreamFactory.cs enforces Enhanced Key Usage #446

Closed
tomk3003 opened this issue Sep 7, 2017 · 5 comments

Comments

tomk3003 commented Sep 7, 2017

The X.509 RFC 5280 states that Enhanced Key Usage has to be acknowledged if it is present in the public certificate. When no such key exists in the certificate issued by the server during session creation, a quickfixn client will refuse the certificate with "Remote certificate is not intended for server authentication".

This enforcement should at least be configurable. E.g. it prevents TLS connections to Bloomberg without disabling server authentication altogether with SSLValidateCertificates=N.

I could implement that, if it is desirable.
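The rule this issue describes (an absent Enhanced Key Usage extension places no restriction, a present one must permit server authentication), as an added C# example that is not quickfixn's code and not part of the original post. The class and method names and the self-signed test certificates are constructed for illustration.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class EkuCheck // hypothetical helper, not a quickfixn type
{
    const string EkuExtensionOid = "2.5.29.37";       // id-ce-extKeyUsage
    const string ServerAuthOid = "1.3.6.1.5.5.7.3.1"; // id-kp-serverAuth
    const string ClientAuthOid = "1.3.6.1.5.5.7.3.2"; // id-kp-clientAuth
    const string AnyEkuOid = "2.5.29.37.0";           // anyExtendedKeyUsage

    // RFC 5280 section 4.2.1.12: the EKU extension restricts a certificate only
    // when it is present; a certificate without it is not limited to any purpose.
    public static bool AllowsServerAuth(X509Certificate2 cert)
    {
        X509Extension raw = cert.Extensions[EkuExtensionOid];
        if (raw == null) return true; // extension absent: no restriction applies
        var eku = new X509EnhancedKeyUsageExtension(raw, raw.Critical);
        // Accepting anyExtendedKeyUsage is a policy choice made for this example.
        return eku.EnhancedKeyUsages.Cast<Oid>()
                  .Any(o => o.Value == ServerAuthOid || o.Value == AnyEkuOid);
    }

    // Constructed self-signed test certificate, optionally carrying one EKU OID.
    static X509Certificate2 MakeCert(string ekuOid)
    {
        using (RSA key = RSA.Create(2048))
        {
            var req = new CertificateRequest("CN=constructed-test", key,
                HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
            if (ekuOid != null)
                req.CertificateExtensions.Add(new X509EnhancedKeyUsageExtension(
                    new OidCollection { new Oid(ekuOid) }, false));
            return req.CreateSelfSigned(DateTimeOffset.UtcNow.AddDays(-1),
                                        DateTimeOffset.UtcNow.AddDays(1));
        }
    }

    static void Main()
    {
        Console.WriteLine("no EKU extension: " + AllowsServerAuth(MakeCert(null)));
        Console.WriteLine("serverAuth EKU:   " + AllowsServerAuth(MakeCert(ServerAuthOid)));
        Console.WriteLine("clientAuth only:  " + AllowsServerAuth(MakeCert(ClientAuthOid)));
    }
}
```

This check covers only the key-purpose decision; chain building, name matching and revocation still have to pass separately.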

@neilejgreen

This might be related to #264.

@gbirchmeier
Member

@tomk3003 Can you please elaborate on that second sentence more?

I think you're saying: "When no such key exists.." the client is erroring out because it thinks that the key should be there (but it's actually optional). Is that a correct interpretation?

If I'm understanding it correctly, then I would gladly accept a PR for it.

@gbirchmeier
Member

Is this related to #568?

@tomk3003
Author

After reading #264 again I think this is a duplicate. I don't think I'll have the time to do a PR now. I would have had in 2017.

@gbirchmeier
Member

That's understandable. :)

And like #264, I think I'm going to defer to what @brobits said on that one: We're not going to work on this, but we will gladly accept a PR if someone wants to do it.
