<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">
<html lang="en">
<head>
<meta content="text/html; charset=US-ASCII" http-equiv="Content-Type">
<title>
GitLab
</title>
<style>img {
max-width: 100%; height: auto;
}
</style>
</head>
<body>
<div class="content">
<div style="">
<p dir="auto">So the situation is that the chain contains:</p>
<pre class="code highlight js-syntax-highlight plaintext" lang="plaintext" v-pre="true"><code><span id="LC1" class="line" lang="plaintext">1. [server cert] || [ocsp response]</span>
<span id="LC2" class="line" lang="plaintext">2. [server cert]</span>
<span id="LC3" class="line" lang="plaintext">3. [ca cert]</span></code></pre>
<p dir="auto">The server cert has the extension that requires an OCSP response, and the code that enforces it goes through the list of the certificates as sent by the server and enforces the flag. It fails at point (2) because the certificate is not accompanied by a corresponding response. Indeed the response was previously sent in step 1, so gnutls could have used it.</p>
<p dir="auto">We could introduce some logic to handle it, though I am not sure whether the problem is significant enough to warrant additional complexity.</p>
</div>
</div>
<div class="footer" style="margin-top: 10px;">
<p style="font-size: small; color: #777;">
—
<br>
Reply to this email directly or <a href="https://gitlab.com/gnutls/gnutls/issues/783#note_179180932">view it on GitLab</a>.
<br>
You're receiving this email because of your account on gitlab.com.
If you'd like to receive fewer emails, you can
<a href="https://gitlab.com/sent_notifications/c49c5c82142077c025a3a33aa3188ce4/unsubscribe">unsubscribe</a>
from this thread or
adjust your notification settings.
<script type="application/ld+json">{"@context":"http://schema.org","@type":"EmailMessage","action":{"@type":"ViewAction","name":"View Issue","url":"https://gitlab.com/gnutls/gnutls/issues/783#note_179180932"}}</script>
</p>
</div>
</body>
</html>