[gnutls-help] ocsp stapling

Jeremy Harris jgh at wizmail.org
Fri Jul 31 16:42:15 CEST 2015


On 31/07/15 00:07, Jeremy Harris wrote:
> On 30/07/15 14:39, Jeremy Harris wrote:
>> On 30/07/15 12:33, Nikos Mavrogiannopoulos wrote:
>>> On Sun, Jul 26, 2015 at 11:10 PM, Jeremy Harris <jgh at wizmail.org> wrote:
>>>> gnutls 3.3.8
>>>
>>> The latest version of gnutls on this branch is 3.3.16. Does the issue
>>> occur with that version?
>>
>> I'll see if I can arrange that.
> 
> Still occurs with 3.3.16 (as shipped for Debian Stretch).

Further: reproducible using the "client-ssl" utility from Exim's
testsuite, against the current Exim HEAD, but not when using
the "client-gnutls" utility.  The former is built with OpenSSL,
the latter with GnuTLS 3.3.16, and packet capture shows that the latter
is requesting certificate status of the server despite not being
told to do so.

Specifically, gnutls_ocsp_status_request_enable_client() has
not been called.

This is another aspect of the bug, but it means that you cannot
repro the bug purely using GnuTLS-based applications.

-- 
Cheers,
  Jeremy