[gnutls-devel] gnutls-cli OCSP test code for branch 'ocsp2'

Tim Ruehsen tim.ruehsen at gmx.de
Tue Feb 3 13:03:09 CET 2015

Sorry, forgot the patch for gnutls-cli (branch 'ocsp2').


On Tuesday 03 February 2015 12:15:28 Tim Ruehsen wrote:
> Hi Nikos,
> I finally found a bit of time (sigh).
> I rebased ocsp2 on master and added some lines of code to gnutls-cli to
> check RFC6961 (OCSP multi-stapling) status.
> I tested with yahoo.com which I now to support OCSP (single-)stapling and
> had a look with wireshark 1.12.1. (Using 'src/gnutls-cli -d2 --ocsp
> yahoo.com')
> gnutls-cli 'Client Hello' has both 'status_request' and 'status_request_v2'
> inside. But Wireshark says 'Malformed Packet' and I am not sure what it
> doesn't like (The 'status_request_v2' has a 'request extension length' of 5.
> Not sure if this is correct.)
> The 'Server Hello' has a 'status_request' inside (type 5, length 0).
> But gnutls_ocsp_status_request_is_checked() returns 0.
> This seems wrong in libgnutls... I would expect a return value of 1 in this
> case.
> Could you have a look at it ?
> Regards, Tim
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-add-OCSP-multi-stapling-test-code.patch
Type: text/x-patch
Size: 3033 bytes
Desc: not available
URL: </pipermail/attachments/20150203/30c0e3cc/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: This is a digitally signed message part.
URL: </pipermail/attachments/20150203/30c0e3cc/attachment.sig>

More information about the Gnutls-devel mailing list