[gnutls-devel] GnuTLS | gnutls-cli logs only the first stapled OCSP response (#904)

Development of GNU's TLS library gnutls-devel at lists.gnutls.org
Sat Jan 11 21:40:48 CET 2020

Airtower created an issue: https://gitlab.com/gnutls/gnutls/issues/904

I'm working on implementing multi-staple in mod_gnutls, and when testing with gnutls-cli found that it would never log more than one stapled response. A look at the code shows that it uses only `gnutls_ocsp_status_request_get` to get the response, not `gnutls_ocsp_status_request_get2`.

Versions of gnutls tested:
* 3.6.9 from Ubuntu
* local build of master at 85af41159d76fc9733f2ead54a9a2ab64aeb2b80

You can find my server-side WIP for mod_gnutls in the [wip-ocsp-multi-staple on Github](https://github.com/airtower-luna/mod_gnutls/tree/wip-ocsp-multi-staple), if you'd like to test with it.

I have a patch that fixes the logging issue (https://gitlab.com/airtower-luna/gnutls/commit/8faf6902c7e19eb093e5929608e9e38251d0c9bc), but the same problem affects the `--save-ocsp` option. What would be the best way to fix that? Dumping multiple DER responses into one file seems questionable.

Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/904
You're receiving this email because of your account on gitlab.com.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20200111/c2ed66db/attachment.html>

More information about the Gnutls-devel mailing list