[gnutls-devel] GnuTLS | OCSP stapling transmission observability (#883)

Development of GNU's TLS library gnutls-devel at lists.gnutls.org
Sat Dec 21 22:25:11 CET 2019



jgh created an issue: https://gitlab.com/gnutls/gnutls/issues/883



## Description of the feature:
 A way for the server application to know if the library sent an OCSP stapled certificate status.
 
 Complication: TLS 1.3 allows for more than one certificate chain element to be sent with associated status. While a single
 bit would be simple for the application to retrieve, and cover most current cases (where only the leaf element has status),
 that is not complex enough for the general case.

 It has been suggested (issue 829) that gnutls_certificate_set_retrieve_function3() could be used for this, if access were
 provided to the library default methods for identifying the staplings.

## Applications that this feature may be relevant to:
 Anything wanting observability

## Is this feature implemented in other libraries (and which)
 OpenSSL has a status-callback similar to gnutls_certificate_set_retrieve_function3().
