[gnutls-devel] gnutls-cli OCSP test code for branch 'ocsp2'

Tim Ruehsen tim.ruehsen at gmx.de
Tue Feb 3 12:15:28 CET 2015

Hi Nikos,

I finally found a bit of time (sigh).

I rebased ocsp2 on master and added some lines of code to gnutls-cli to check 
RFC6961 (OCSP multi-stapling) status.

I tested with yahoo.com which I now to support OCSP (single-)stapling and had 
a look with wireshark 1.12.1. (Using 'src/gnutls-cli -d2 --ocsp yahoo.com')

gnutls-cli 'Client Hello' has both 'status_request' and 'status_request_v2' 
inside. But Wireshark says 'Malformed Packet' and I am not sure what it 
doesn't like (The 'status_request_v2' has a 'request extension length' of 5. 
Not sure if this is correct.)

The 'Server Hello' has a 'status_request' inside (type 5, length 0).
But gnutls_ocsp_status_request_is_checked() returns 0.
This seems wrong in libgnutls... I would expect a return value of 1 in this 

Could you have a look at it ?

Regards, Tim
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: This is a digitally signed message part.
URL: </pipermail/attachments/20150203/3d45cbe2/attachment.sig>

More information about the Gnutls-devel mailing list