[gnutls-devel] GnuTLS | WIP: Add option to store all stapled OCSP responses to gnutls-cli (!1189)

Development of GNU's TLS library gnutls-devel at lists.gnutls.org
Sat Feb 8 12:47:58 CET 2020




Airtower commented:


The option is specifically intended to check OCSP stapling, so yes, recording only stapled responses is intentional. STATUS_REQUEST_V2 is obsoleted by TLS 1.3; the stapled responses are carried in extensions to the CertificateEntry ([RFC 8446, Section 4.4.2.1](https://tools.ietf.org/html/rfc8446#section-4.4.2.1)), so multi-stapling is supported by default.

Unfortunately I don't know any public website that uses multi-stapling, and the only web server implementation I'm aware of that supports it is Apache with mod_gnutls 0.10 (which I released on Monday). Testing that is how I noticed the limitations in `gnutls-cli` described in #904.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1189#note_284668243
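
The per-CertificateEntry stapling described in the message above, as an added example that is not part of the original email or of GnuTLS: a small Python parser for the body of a TLS 1.3 Certificate handshake message (RFC 8446, Section 4.4.2) that returns the stapled OCSP response for each chain entry, or `None` where an entry carries no staple. The sample message and its placeholder certificate and response bytes are constructed, and the names `Reader`, `stapled_responses` and `SAMPLE` are hypothetical.

```python
STATUS_REQUEST = 5  # ExtensionType status_request
OCSP = 1            # CertificateStatusType ocsp (RFC 6066)

class Reader:
    """Bounds-checked cursor over a TLS-encoded byte string."""
    def __init__(self, data):
        self.data, self.pos = data, 0

    def take(self, n):
        if self.pos + n > len(self.data):
            raise ValueError("truncated structure")
        self.pos += n
        return self.data[self.pos - n:self.pos]

    def vec(self, len_bytes):  # vector with a big-endian length prefix
        return self.take(int.from_bytes(self.take(len_bytes), "big"))

    def done(self):
        return self.pos == len(self.data)

def stapled_responses(body):
    """Return one item per CertificateEntry: OCSP response bytes or None."""
    msg = Reader(body)
    msg.vec(1)                    # certificate_request_context
    entries = Reader(msg.vec(3))  # certificate_list
    if not msg.done():
        raise ValueError("trailing bytes after certificate_list")
    staples = []
    while not entries.done():
        entries.vec(3)            # cert_data (DER, not decoded here)
        exts, staple = Reader(entries.vec(2)), None
        while not exts.done():
            ext_type = int.from_bytes(exts.take(2), "big")
            ext = Reader(exts.vec(2))
            if ext_type == STATUS_REQUEST:
                if ext.take(1)[0] != OCSP:
                    raise ValueError("unknown CertificateStatusType")
                staple = ext.vec(3)  # OCSPResponse bytes
        staples.append(staple)
    return staples

def _vec(data, n):  # helper used only to build the constructed sample
    return len(data).to_bytes(n, "big") + data
def _entry(cert, ocsp=None):
    ext = b"" if ocsp is None else b"\x00\x05" + _vec(b"\x01" + _vec(ocsp, 3), 2)
    return _vec(cert, 3) + _vec(ext, 2)

# Constructed Certificate body: placeholder bytes, first two entries stapled.
SAMPLE = _vec(b"", 1) + _vec(_entry(b"leaf", b"ocsp-leaf")
    + _entry(b"intermediate", b"ocsp-intermediate") + _entry(b"root"), 3)
```

A list with `None` at index 1 or later is what a client sees when the server staples only for the leaf certificate.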