[gnutls-devel] Implementing RFC 7633 to support mandatory OCSP stapling.
Tim Kosse
tim.kosse at filezilla-project.org
Mon Dec 21 18:18:52 CET 2015
On 2015-12-21 09:21, Nikos Mavrogiannopoulos wrote:
> Do you know any plans on other implementations to use/rely on
> that extension?
The latest version of Firefox Developer Edition already understands this
extension, so the NSS library should support it.
> Some comments:
> 1. "To proceed, first check whether we have requested the certificate status"
> Even though it's a simple check I'd suggest to use
> _gnutls_extension_list_check().
Excellent, didn't see this function.
> 2. Would it make sense to use gnutls_x509_ext_tlsfeatures_get()
> instead of gnutls_x509_crt_get_tlsfeature() to reduce the multiple
> decodings of this extension in case more than one feature is
> present? In that case the checking for tlsfeatures would have to move
> to a separate function.
Yes, shouldn't be a problem.
Regards,
Tim
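
Added example, not part of the original message or of the GnuTLS patch: a stand-alone C sketch of the decode-once approach suggested in comment 2, applied to the RFC 7633 TLS Feature extension value (a DER SEQUENCE OF INTEGER). All names here (`tls_features_decode`, `tls_features_has`, `must_staple_ok`) are hypothetical and are not GnuTLS API; letting the handshake proceed when the client never requested the certificate status is an assumed reading of comment 1.

```c
#include <stddef.h>
#include <stdint.h>

#define TLS_FEATURE_STATUS_REQUEST 5 /* TLS extension type named by RFC 7633 */
#define MAX_FEATURES 32

/* Decoded once per certificate, then queried as often as needed. */
struct tls_features { uint16_t feature[MAX_FEATURES]; size_t count; };

/* Decode the extension value. Short-form DER lengths only (assumption: value
 * is under 128 bytes). Returns 0 on success, -1 on malformed input. */
int tls_features_decode(const uint8_t *der, size_t len, struct tls_features *out)
{
    size_t pos = 2;
    out->count = 0;
    if (len < 2 || der[0] != 0x30 || der[1] >= 0x80 || (size_t)der[1] != len - 2)
        return -1;
    while (pos < len) {
        size_t ilen, i;
        uint32_t v = 0;
        if (len - pos < 2 || der[pos] != 0x02) /* each element must be an INTEGER */
            return -1;
        ilen = der[pos + 1];
        pos += 2;
        /* Extension types are 0..65535: at most 3 content bytes, non-negative. */
        if (ilen == 0 || ilen > 3 || ilen > len - pos || (der[pos] & 0x80))
            return -1;
        for (i = 0; i < ilen; i++)
            v = (v << 8) | der[pos + i];
        pos += ilen;
        if (v > 0xFFFF || out->count == MAX_FEATURES)
            return -1;
        out->feature[out->count++] = (uint16_t)v;
    }
    return 0;
}

int tls_features_has(const struct tls_features *f, uint16_t feature)
{
    size_t i;
    for (i = 0; i < f->count; i++)
        if (f->feature[i] == feature)
            return 1;
    return 0;
}

/* Returns 1 if the handshake may proceed, 0 if a required staple is missing. */
int must_staple_ok(const struct tls_features *f, int requested_status, int got_staple)
{
    if (!requested_status || !tls_features_has(f, TLS_FEATURE_STATUS_REQUEST))
        return 1;
    return got_staple;
}
```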