[gnutls-devel] gnutls-cli OCSP test code for branch 'ocsp2'
Nikos Mavrogiannopoulos
nmav at gnutls.org
Wed Feb 4 11:01:19 CET 2015
On Wed, 2015-02-04 at 09:31 +0100, Tim Ruehsen wrote:
> On Tuesday 03 February 2015 12:15:28 Tim Ruehsen wrote:
> > The 'Server Hello' has a 'status_request' inside (type 5, length 0).
> > But gnutls_ocsp_status_request_is_checked() returns 0.
> > This seems wrong in libgnutls... I would expect a return value of 1 in this
> > case.
>
> Here is a fix.
I don't think that this is related. However, at the current state the
packets generated seem to be in accordance with wireshark, so as far as
I understand, it remains to properly support it on the server side by
enhancing the ocsptool to generate a combined status request, as well as
accounting the multiple OCSP responses received on peer's certificate
verification.
regards,
Nikos
More information about the Gnutls-devel
mailing list