[gnutls-devel] Implementing RFC 7633 to support mandatory OCSP stapling.

Tim Kosse tim.kosse at filezilla-project.org
Mon Dec 21 18:18:52 CET 2015


On 2015-12-21 09:21, Nikos Mavrogiannopoulos wrote:
> Do you know of any plans for other implementations to use/rely on
> that extension?

The latest version of Firefox Developer Edition already understands this
extension, so the NSS library should support it.

> Some comments:
> 1. "To proceed, first check whether we have requested the certificate status"
> Even though it's a simple check I'd suggest to use
> _gnutls_extension_list_check().

Excellent, didn't see this function.

> 2. Would it make sense to use gnutls_x509_ext_tlsfeatures_get()
> instead of gnutls_x509_crt_get_tlsfeature() to reduce the multiple
> decodings of this extension in case more than one feature is
> present? In that case the checking for tlsfeatures would have to move
> to a separate function.

Yes, shouldn't be a problem.


Regards,
Tim
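
An added example, not part of the message above and not GnuTLS code: a stand-alone C sketch of the two review points, decoding the RFC 7633 TLS Feature value (a DER SEQUENCE OF INTEGER) once into a list and then enforcing must-staple only when the client actually requested the certificate status. The names `parse_tls_features` and `must_staple_ok` and the sample bytes are assumptions made for this illustration.

```c
#include <stddef.h>
#include <stdio.h>

#define TLS_EXT_STATUS_REQUEST 5 /* extension number a must-staple cert lists */

/* Decode a DER "Features ::= SEQUENCE OF INTEGER" value (RFC 7633) once.
 * Returns the number of features stored in out[], or -1 if malformed.
 * Short-form lengths only; INTEGER minimality is not checked. */
int parse_tls_features(const unsigned char *der, size_t len,
                       unsigned *out, size_t max)
{
    size_t pos = 2, n = 0;
    if (len < 2 || der[0] != 0x30 || der[1] >= 0x80 || (size_t)der[1] != len - 2)
        return -1;
    while (pos < len) {
        if (len - pos < 2 || der[pos] != 0x02)
            return -1;
        size_t ilen = der[pos + 1];
        unsigned v = 0;
        pos += 2;
        if (ilen == 0 || ilen > 3 || ilen > len - pos || (der[pos] & 0x80))
            return -1; /* empty, oversized, truncated or negative INTEGER */
        while (ilen--)
            v = (v << 8) | der[pos++];
        if (v > 65535 || n == max)
            return -1; /* TLS extension numbers are 16-bit */
        out[n++] = v;
    }
    return (int)n;
}

/* 1 = handshake may continue, 0 = reject (stapled response required but absent). */
int must_staple_ok(const unsigned *feat, int n, int requested, int stapled)
{
    if (!requested) /* we never sent status_request: nothing to enforce */
        return 1;
    for (int i = 0; i < n; i++)
        if (feat[i] == TLS_EXT_STATUS_REQUEST && !stapled)
            return 0;
    return 1;
}
int main(void)
{
    /* constructed sample value: Features { 5, 17 } */
    static const unsigned char ext[] = { 0x30, 0x06, 0x02, 0x01, 0x05, 0x02, 0x01, 0x11 };
    unsigned feat[8];
    int n = parse_tls_features(ext, sizeof ext, feat, 8);
    printf("features=%d verdict=%s\n", n, must_staple_ok(feat, n, 1, 0) ? "ok" : "reject");
    return 0;
}
```

A caller should treat a return of -1 from the parser as a verification failure before calling the policy check, since an undecodable extension yields no features to enforce.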


