[gnutls-help] OCSP functionality in GnutTLS

Nikos Mavrogiannopoulos nmav at gnutls.org
Fri Apr 29 08:55:54 CEST 2016

On Thu, Apr 28, 2016 at 11:43 PM, jonetsu <jonetsu at teksavvy.com> wrote:
> Can you please shed a light on the following basic use case
> regarding OCSP ?  When TLS is used, as for instance rsyslog is
> using it to establish a secure remote logging communication,
> using certificates, is the certification validation using OCSP
> automatically handled by GnuTLS ?  Eg. is it transparent to the
> application, or should the application add GnuTLS calls to handle
> it ?

The OCSP verification is transparent only when the server is using the
certificate status request TLS extension (aka OCSP stapling).
Otherwise the application has to handle the communication with the
OCSP server.


More information about the Gnutls-help mailing list