[gnutls-devel] Implementing RFC 7633 to support mandatory OCSP stapling.
Kurt Roeckx
kurt at roeckx.be
Mon Dec 21 10:33:52 CET 2015
On Mon, Dec 21, 2015 at 10:21:00AM +0200, Nikos Mavrogiannopoulos wrote:
> On Sun, Dec 20, 2015 at 4:34 PM, Tim Kosse
> <tim.kosse at filezilla-project.org> wrote:
> > Hi,
> > I took a shot at implementing RFC 7633 which can be used to make OCSP
> > stapling mandatory.
> > Attached is a proof-of-concept series of patches that implements
> > checking for a missing certificate status during the handshake. I have
> > manually tested this functionality against
> > https://must-staple.serverhello.com/ and
> > https://must-staple-no-ocsp.serverhello.com/
> > Before continuing, I'd like your opinion on the patch series so far.
>
> Thank you for the patch; it is very consistent with existing code. Do
> you know of any plans for other implementations to use/rely on that
> extension?
OpenSSL has added support for setting and displaying it in the
certificate. I think someone is also working on a patch to check
it in s_client.
Kurt
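
The client-side check discussed in this thread, as an added example that is not part of the original messages and is not code from the patch series or from GnuTLS. It parses the DER value of the RFC 7633 TLS feature extension (a SEQUENCE OF INTEGER) and fails the handshake when status_request (5) is listed but no certificate status arrived. The function names, the sample bytes and the short-form-length restriction are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define TLS_FEATURE_STATUS_REQUEST 5 /* TLS extension number of status_request */

/* Constructed sample: extension value SEQUENCE { INTEGER 5 } ("must staple"). */
static const uint8_t SAMPLE_MUST_STAPLE[] = {0x30, 0x03, 0x02, 0x01, 0x05};

/* Read a DER header with the expected tag. Assumption: short-form lengths only
 * (< 128 bytes), enough for this extension. Returns header size, 0 if malformed. */
static size_t der_header(const uint8_t *p, size_t n, uint8_t tag, size_t *len)
{
    if (n < 2 || p[0] != tag || p[1] >= 0x80) return 0;
    *len = p[1];
    return (*len <= n - 2) ? 2 : 0;
}

/* Returns 1 if the extension lists `feature`, 0 if not, -1 if malformed. */
int tlsfeature_contains(const uint8_t *ext, size_t n, unsigned feature)
{
    size_t seq_len, hdr = der_header(ext, n, 0x30, &seq_len);
    if (hdr == 0 || hdr + seq_len != n) return -1;
    const uint8_t *p = ext + hdr;
    size_t left = seq_len;
    int found = 0;
    while (left > 0) {
        size_t ilen, ih = der_header(p, left, 0x02, &ilen);
        /* Feature numbers are 16-bit and non-negative: at most 3 content bytes. */
        if (ih == 0 || ilen == 0 || ilen > 3 || (p[ih] & 0x80)) return -1;
        unsigned v = 0;
        for (size_t i = 0; i < ilen; i++) v = (v << 8) | p[ih + i];
        if (v == feature) found = 1;
        p += ih + ilen; left -= ih + ilen;
    }
    return found;
}

/* Client decision after the server's flight: 0 = continue, -1 = abort.
 * ext == NULL means the certificate carries no TLS feature extension. */
int must_staple_check(const uint8_t *ext, size_t n, int sent_status_request, int got_cert_status)
{
    if (ext == NULL) return 0;
    int r = tlsfeature_contains(ext, n, TLS_FEATURE_STATUS_REQUEST);
    if (r < 0) return -1; /* malformed extension: fail closed */
    return (r == 1 && sent_status_request && !got_cert_status) ? -1 : 0;
}

int main(void) { printf("%d\n", must_staple_check(SAMPLE_MUST_STAPLE, sizeof SAMPLE_MUST_STAPLE, 1, 0)); return 0; }
```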