[gnutls-help] full-chain ocsp stapling

Nikos Mavrogiannopoulos nmav at gnutls.org
Mon Dec 2 13:40:10 CET 2019


Hi,
 Isn't that the same as https://gitlab.com/gnutls/gnutls/issues/829 ?

regards,
Nikos

On Sun, Nov 24, 2019 at 6:44 PM Jeremy Harris <jgh at wizmail.org> wrote:
>
> On 10/11/2019 20:45, Jeremy Harris wrote:
> > GnuTLS 3.6.8
> >
> > I'm testing $subject using a 3-layer cert chain, and stapled ocsp
> > under TLS1.3 for which the middle item is non-valid.
> ...
> > but gnutls_ocsp_status_request_is_checked(state->session, 0) returns
> > nonzero (meaning "valid").
> >
> > I'm not quite clear what level of validity is being described here.
> > Should it be checking that the OCSP response indicates non-revoked
> > certificates, for all cert-chain elements covered?  Or is it only
> > saying that the stapled information is well-constructed and signed
> > (meaning that I should be taking more actions to validate the
> > certs; if so, what)?
>
> No answers on this?
> --
> Cheers,
>   Jeremy
>


