[gnutls-devel] BUG: Cannot connect with non-blocking OS to OCSP stapling-enabled (CERTIFICATE STATUS) server

Nikos Mavrogiannopoulos nmav at gnutls.org
Tue Jan 7 09:30:46 CET 2014


On Mon, Jan 6, 2014 at 3:30 PM, Nils Maier <testnutzer123 at gmail.com> wrote:

> Affected: Likely all GnuTLS versions supporting OCSP stapling. Tested
> with 3.1.18 and 3.2.8.
>
> STR:
> - Program client using non-blocking sockets. Or if you're lazy, use
> aria2, where we discovered this.
> http://aria2.sourceforge.net/
> https://github.com/tatsuhiro-t/aria2/issues/179
> Or wget master, which is affected as well, or something like that.
>


Thank you. The fix seems correct and I'll apply it. As a work-around you
may call gnutls_init() with the GNUTLS_NO_EXTENSIONS flag (when defined).
The side effect would be to disable the OCSP status extension and the
session ticket extension being enabled by default.

regards,
Nikos