[gnutls-help] ocsp stapling
Jeremy Harris
jgh at wizmail.org
Sun Jul 26 22:10:30 CEST 2015

gnutls 3.3.8
A non-ocsp-aware client and a server which has called
gnutls_certificate_set_ocsp_status_request_file()
fail, with the following sequence seen in packet capture:
- Client hello (nothing special)
-- extension: server_name
-- extension: sessionTicket
-- extension: signature_algorithms
-- extension: ec_point_formats
-- extension: elliptic_curves
- Server hello (covers 2 packets)
-- server hello
--- extension: status_request
--- extension: renegotiation_info
--- extension: ec_point_formats
-- server cert (2-element chain)
-- certificate status (refers to server cert)
-- server key exchange
-- server hello done
- Fatal Alert from client
-- unsupported extension
=====
- Why, when the Client hello did not include a status_request extension,
did the server include cert-status in its server hello?
- Why did the server include a status_request in its server hello?
-- 
Cheers,
  Jeremy
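
The rule behind the client's alert, as an added example that is not part of the original post and not GnuTLS code: RFC 5246 section 7.4.1.4 forbids a ServerHello extension the ClientHello did not offer, and the client must answer one with a fatal unsupported_extension alert. The extension lists are constructed from the capture summary above; the function names and the `scsv_offered` flag (whether the client signalled renegotiation support in its cipher suites, which the post does not show) are assumptions.

```c
#include <stdio.h>
#include <string.h>

/* Extension lists constructed from the capture summary in the post. */
static const char *const client_exts[] = { "server_name", "sessionTicket",
    "signature_algorithms", "ec_point_formats", "elliptic_curves", NULL };
static const char *const server_exts[] = { "status_request",
    "renegotiation_info", "ec_point_formats", NULL };

static int offered(const char *const *list, const char *name)
{
    for (; *list != NULL; list++)
        if (strcmp(*list, name) == 0)
            return 1;
    return 0;
}

/* Count ServerHello extensions the ClientHello never offered (RFC 5246
 * 7.4.1.4). renegotiation_info is tolerated when the client sent
 * TLS_EMPTY_RENEGOTIATION_INFO_SCSV (RFC 5746); scsv_offered is an
 * assumption. The first offending name goes to *first (NULL if none). */
int unsolicited_extensions(const char *const *client,
                           const char *const *server,
                           int scsv_offered, const char **first)
{
    int count = 0;
    *first = NULL;
    for (; *server != NULL; server++) {
        int reneg_ok = scsv_offered && strcmp(*server, "renegotiation_info") == 0;
        if (!offered(client, *server) && !reneg_ok && count++ == 0)
            *first = *server;
    }
    return count;
}

/* CertificateStatus is valid only if the client offered status_request (RFC 6066). */
int certificate_status_allowed(const char *const *client)
{
    return offered(client, "status_request");
}

int main(void)
{
    const char *first;
    int n = unsolicited_extensions(client_exts, server_exts, 1, &first);
    printf("unsolicited=%d first=%s status_ok=%d\n", n, first ? first : "none",
           certificate_status_allowed(client_exts));
    return 0;
}
```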