[gnutls-help] full-chain ocsp stapling
nmav at gnutls.org
Mon Dec 2 13:40:10 CET 2019
Isn't that the same as https://gitlab.com/gnutls/gnutls/issues/829 ?
On Sun, Nov 24, 2019 at 6:44 PM Jeremy Harris <jgh at wizmail.org> wrote:
> On 10/11/2019 20:45, Jeremy Harris wrote:
> > GnuTLS 3.6.8
> > I'm testing $subject using a 3-layer cert chain, and stapled ocsp
> > under TLS1.3 for which the middle item is non-valid.
> > but gnutls_ocsp_status_request_is_checked(state->session, 0) returns
> > nonzero (meaning "valid").
> > I'm not quite clear what level of validity is being described here.
> > Should it be checking that the OCSP response indicates non-revoked
> > certificates, for all cert-chain elements covered? Or is it only
> > saying that the stapled information is well-constructed and signed
> > (meaning that I should be taking more actions to validate the
> > certs; if so, what)?
> No answers on this?
> Gnutls-help mailing list
> Gnutls-help at lists.gnutls.org
More information about the Gnutls-help