[gnutls-devel] GnuTLS | gnutls-cli logs only the first stapled OCSP response (#904)

Development of GNU's TLS library gnutls-devel at lists.gnutls.org
Sat Jan 11 21:40:48 CET 2020



Airtower created an issue: https://gitlab.com/gnutls/gnutls/issues/904



I'm working on implementing multi-staple in mod_gnutls, and when testing with gnutls-cli found that it would never log more than one stapled response. A look at the code shows that it uses only `gnutls_ocsp_status_request_get` to get the response, not `gnutls_ocsp_status_request_get2`.

Versions of gnutls tested:
* 3.6.9 from Ubuntu
* local build of master at 85af41159d76fc9733f2ead54a9a2ab64aeb2b80

You can find my server-side WIP for mod_gnutls in the [wip-ocsp-multi-staple on GitHub](https://github.com/airtower-luna/mod_gnutls/tree/wip-ocsp-multi-staple), if you'd like to test with it.

I have a patch that fixes the logging issue (https://gitlab.com/airtower-luna/gnutls/commit/8faf6902c7e19eb093e5929608e9e38251d0c9bc), but the same problem affects the `--save-ocsp` option. What would be the best way to fix that? Dumping multiple DER responses into one file seems questionable.
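
On the `--save-ocsp` question: DER elements are self-delimiting, so a consumer of a file holding several concatenated responses has to walk the outer SEQUENCE headers to find the boundaries and reject truncated or indefinite-length data. The following is an added example, not part of the original message and not gnutls code; `der_split`, `der_element_size` and the sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample, not a captured staple: two minimal OCSPResponse
 * encodings (SEQUENCE { ENUMERATED responseStatus }) written back to back. */
static const uint8_t sample[] = { 0x30, 0x03, 0x0a, 0x01, 0x02,
                                  0x30, 0x03, 0x0a, 0x01, 0x06 };

/* Size (header + content) of the DER SEQUENCE at buf, or 0 if it is
 * malformed or truncated. Minimal-length encoding is not enforced. */
static size_t der_element_size(const uint8_t *buf, size_t len)
{
    if (len < 2 || buf[0] != 0x30)   /* OCSPResponse is a SEQUENCE */
        return 0;
    size_t hdr = 2, content = buf[1];
    if (buf[1] & 0x80) {             /* long form: low 7 bits count length octets */
        size_t n = buf[1] & 0x7f;
        if (n == 0 || n > sizeof(size_t) || len - 2 < n)
            return 0;                /* n == 0 is indefinite length, invalid in DER */
        content = 0;
        for (size_t i = 0; i < n; i++)
            content = (content << 8) | buf[2 + i];
        hdr += n;
    }
    return content > len - hdr ? 0 : hdr + content;
}

/* Record offset and size of each top-level element (at most max).
 * Returns the count, or -1 on a malformed element or too many elements. */
int der_split(const uint8_t *buf, size_t len, size_t *off, size_t *size, int max)
{
    int count = 0;
    for (size_t pos = 0; pos < len; count++) {
        size_t n = der_element_size(buf + pos, len - pos);
        if (n == 0 || count == max)
            return -1;
        off[count] = pos;
        size[count] = n;
        pos += n;
    }
    return count;
}

int main(void)
{
    size_t off[8], size[8];
    int n = der_split(sample, sizeof sample, off, size, 8);
    for (int i = 0; i < n; i++)
        printf("response %d: offset %zu, %zu bytes\n", i, off[i], size[i]);
    return n < 0;
}
```

Each slice found this way can then be handed to an OCSP parser on its own; a file that ends mid-element is rejected as a whole rather than partially accepted.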
