[gnutls-devel] GnuTLS | OCSP must staple issue with TLS1.3 (#783)

Development of GNU's TLS library gnutls-devel at lists.gnutls.org
Sat Jun 8 09:21:19 CEST 2019

So the situation is that the chain contains:
```
1. [server cert] || [ocsp response]
2. [server cert]
3. [ca cert]
```

The server cert has the extension that requires an OCSP response, and the code that enforces it goes through the list of the certificates as sent by the server and enforces the flag. It fails at point (2) because the certificate is not accompanied by a corresponding response. Indeed the response was previously sent in step 1, so gnutls could have used it.

We could introduce some logic to handle it, though I am not sure whether the problem is significant enough to warrant additional complexity.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/783#note_179180932
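As an added example (not GnuTLS code and not the commenter's own), the following Python models the check the comment describes over the chain it lists. A must-staple certificate is one carrying the RFC 7633 TLS Feature extension (OID 1.3.6.1.5.5.7.1.24) with feature id 5, status_request, and in TLS 1.3 each CertificateEntry of the Certificate message can carry its own stapled OCSP response. `check_per_entry` reproduces the failure at entry 2; `check_with_lookup` is one possible relaxation, keyed on certificate identity, that accepts the response stapled to entry 1. The names `Cert`, `ChainEntry`, `issue_chain`, the `fingerprint` field and the chain contents are constructed for illustration; verification of the OCSP response itself is assumed to happen elsewhere.

```python
# Added example (not GnuTLS code): a model of must-staple enforcement over a
# TLS 1.3 certificate chain, reproducing the failure described in the issue
# and one way to accept a response stapled to an earlier copy of the same cert.
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# RFC 7633: id-pe-tlsfeature; "must staple" is feature id 5 (status_request).
TLS_FEATURE_OID = "1.3.6.1.5.5.7.1.24"
STATUS_REQUEST = 5


def parse_tls_features(der: bytes) -> List[int]:
    """Decode a TLSFeature extension value, DER SEQUENCE OF INTEGER.

    Only short-form lengths and small non-negative integers are accepted,
    which covers every real TLSFeature value; anything else is rejected
    rather than guessed at."""
    if len(der) < 2 or der[0] != 0x30 or der[1] & 0x80 or 2 + der[1] != len(der):
        raise ValueError("TLSFeature: malformed SEQUENCE")
    body, i, features = der[2:], 0, []
    while i < len(body):
        if i + 1 >= len(body) or body[i] != 0x02:
            raise ValueError("TLSFeature: expected INTEGER")
        n = body[i + 1]
        if n == 0 or n & 0x80 or i + 2 + n > len(body):
            raise ValueError("TLSFeature: malformed INTEGER length")
        value = body[i + 2:i + 2 + n]
        if value[0] & 0x80:
            raise ValueError("TLSFeature: negative feature id")
        features.append(int.from_bytes(value, "big"))
        i += 2 + n
    return features


@dataclass
class Cert:
    """Stand-in for a parsed X.509 certificate (hypothetical, constructed)."""
    fingerprint: str                                          # identity of the DER blob
    extensions: Dict[str, bytes] = field(default_factory=dict)  # OID -> DER value

    def must_staple(self) -> bool:
        raw = self.extensions.get(TLS_FEATURE_OID)
        return raw is not None and STATUS_REQUEST in parse_tls_features(raw)


@dataclass
class ChainEntry:
    """One CertificateEntry of a TLS 1.3 Certificate message (RFC 8446 4.4.2):
    the certificate plus, optionally, the OCSP response stapled in its
    status_request extension. Validation of the response itself (signature,
    CertID, validity window) is assumed to happen elsewhere."""
    cert: Cert
    ocsp_response: Optional[bytes] = None


def check_per_entry(chain: List[ChainEntry]) -> Optional[str]:
    """Enforcement as the issue describes it: each entry whose certificate
    carries must-staple has to carry its own response. Returns None on
    success or a message naming the offending 1-based entry."""
    for pos, entry in enumerate(chain, start=1):
        if entry.cert.must_staple() and entry.ocsp_response is None:
            return f"entry {pos}: must-staple certificate sent without OCSP response"
    return None


def check_with_lookup(chain: List[ChainEntry]) -> Optional[str]:
    """Same rule, but a response stapled to any entry satisfies every other
    entry that carries the identical certificate."""
    responses = {e.cert.fingerprint: e.ocsp_response
                 for e in chain if e.ocsp_response is not None}
    for pos, entry in enumerate(chain, start=1):
        if entry.cert.must_staple() and entry.cert.fingerprint not in responses:
            return f"entry {pos}: must-staple certificate with no OCSP response anywhere in chain"
    return None


MUST_STAPLE_VALUE = b"\x30\x03\x02\x01\x05"   # SEQUENCE { INTEGER 5 }


def issue_chain() -> List[ChainEntry]:
    """The chain from the issue, constructed: the server certificate twice,
    only the first copy with a stapled response, then the CA certificate."""
    server = Cert("server-cert", {TLS_FEATURE_OID: MUST_STAPLE_VALUE})
    ca = Cert("ca-cert")
    return [ChainEntry(server, b"<ocsp response for server-cert>"),
            ChainEntry(server),
            ChainEntry(ca)]


if __name__ == "__main__":
    chain = issue_chain()
    print("per-entry check :", check_per_entry(chain))
    print("lookup check    :", check_with_lookup(chain))
```

Keying the lookup on the certificate's identity rather than its position is what makes the relaxation safe: a response stapled to an unrelated certificate must not satisfy the must-staple requirement of another, and a chain with no response for the must-staple certificate anywhere still fails under both checks.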
