[gnutls-devel] GnuTLS | ocsp: set GNUTLS_CERT_INVALID if OCSP response indicates revocation (!1159)

Development of GNU's TLS library gnutls-devel at lists.gnutls.org
Fri Jan 10 12:50:39 CET 2020

Nikos Mavrogiannopoulos commented:

My concern was the text `The GNUTLS_CERT_INVALID flag is always set on a verification error and more detailed flags will also be set when appropriate.` from the manual. We don't do that on OCSP errors. This requirement is unfortunately historical baggage and applications do not need to check for this flag, but since we documented like that I think we should follow it as there will always be applications that will check whether the GNUTLS_CERT_INVALID flag is set to indicate error.

Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1159#note_269706537
You're receiving this email because of your account on gitlab.com.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20200110/8af2f21a/attachment.html>

More information about the Gnutls-devel mailing list