[gnutls-devel] Support for OCSP Must-staple ?
nmav at gnutls.org
Tue May 31 14:42:14 CEST 2016
On Tue, May 31, 2016 at 10:42 AM, Tim Ruehsen <tim.ruehsen at gmx.de> wrote:
> Just found one: suche.org
> Unknown extension 18.104.22.168.22.214.171.124.24 (not critical):
> ASCII: 0....
> Hexdump: 3003020105
Thank you. It seems it is correctly listed from certtool in master:
TLS Features (not critical):
However, I realized that this pkix extension is quite undefined. There
is no well-defined behavior for "status_request_v2" and that issue
will show up once (and if) the multiple ocsp responses get deployed.
I've sent a mail to the author of rfc7633 and saag , but it is
unknown whether anything productive will come out of it. Most likely
this TlsFeature extension will be used with a single value (5) to
indicate for ocsp status request or the multi one.
More information about the Gnutls-devel