[gnutls-devel] gnutls-cli OCSP test code for branch 'ocsp2'
Tim Ruehsen
tim.ruehsen at gmx.de
Tue Feb 3 12:15:28 CET 2015
Hi Nikos,
I finally found a bit of time (sigh).
I rebased ocsp2 on master and added some lines of code to gnutls-cli to check
RFC6961 (OCSP multi-stapling) status.
I tested with yahoo.com which I know to support OCSP (single-)stapling and had
a look with wireshark 1.12.1. (Using 'src/gnutls-cli -d2 --ocsp yahoo.com')
gnutls-cli 'Client Hello' has both 'status_request' and 'status_request_v2'
inside. But Wireshark says 'Malformed Packet' and I am not sure what it
doesn't like (The 'status_request_v2' has a 'request extension length' of 5.
Not sure if this is correct.)
The 'Server Hello' has a 'status_request' inside (type 5, length 0).
But gnutls_ocsp_status_request_is_checked() returns 0.
This seems wrong in libgnutls... I would expect a return value of 1 in this
case.
Could you have a look at it?
Regards, Tim
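
An added example, not part of the original message and not GnuTLS code: a small C checker that walks a 'status_request_v2' extension body against the RFC 6961 layout and reports which length field disagrees, as a way to cross-check a dissector's 'Malformed Packet' verdict. The function name, error codes and sample byte strings are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
/* Error codes; names are hypothetical, chosen for this example. */
enum { V2_TRUNCATED = -1, V2_LIST_LEN = -2, V2_REQ_LEN = -3, V2_INNER_LEN = -4 };
static size_t rd16(const uint8_t *p) { return ((size_t)p[0] << 8) | p[1]; }

/* extension_data per RFC 6961: uint16 list_len, then one or more items of
 * { uint8 status_type; uint16 request_length; request[request_length] }.
 * For ocsp(1) and ocsp_multi(2), request holds two uint16-prefixed vectors:
 * responder_id_list and request_extensions. Returns item count or V2_* code. */
int check_status_request_v2(const uint8_t *d, size_t n)
{
    size_t off = 2;
    int items = 0;
    if (n < 2) return V2_TRUNCATED;
    if (n == 2 || rd16(d) != n - 2) return V2_LIST_LEN; /* list is <1..2^16-1> */
    while (off < n) {
        if (n - off < 3) return V2_TRUNCATED;
        int known = d[off] == 1 || d[off] == 2;
        size_t req_len = rd16(d + off + 1);
        off += 3;
        if (req_len > n - off) return V2_REQ_LEN;
        size_t end = off + req_len;
        for (int i = 0; known && i < 2; i++) { /* the two inner vectors */
            if (end - off < 2) return V2_INNER_LEN;
            size_t vlen = rd16(d + off);
            off += 2;
            if (vlen > end - off) return V2_INNER_LEN;
            off += vlen;
        }
        if (known && off != end) return V2_INNER_LEN; /* trailing bytes */
        off = end; /* unknown types are skipped via request_length */
        items++;
    }
    return items;
}

/* Constructed sample bodies, not taken from the capture in the post. */
static const uint8_t ok_multi[]  = { 0,7, 2, 0,4, 0,0, 0,0 };
static const uint8_t two_items[] = { 0,14, 1, 0,4, 0,0, 0,0, 2, 0,4, 0,0, 0,0 };
static const uint8_t bad_req[]   = { 0,7, 2, 0,6, 0,0, 0,0 };
static const uint8_t bad_inner[] = { 0,7, 2, 0,4, 0,1, 0,0 };
#define RUN(a) check_status_request_v2(a, sizeof a)
int main(void)
{
    printf("%d %d %d %d\n", RUN(ok_multi), RUN(two_items), RUN(bad_req), RUN(bad_inner));
    return 0;
}
```

The input is the extension_data only, i.e. the bytes after the 2-byte extension type and 2-byte extension length in the Client Hello.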