[gnutls-devel] gnutls-cli OCSP test code for branch 'ocsp2'

Tim Ruehsen tim.ruehsen at gmx.de
Wed Feb 4 11:35:44 CET 2015


On Wednesday 04 February 2015 11:22:29 Nikos Mavrogiannopoulos wrote:
> On Wed, 2015-02-04 at 11:05 +0100, Tim Ruehsen wrote:
> > > I don't think that this is related. However, at the current state the
> > > packets generated seem to be in accordance with wireshark, so as far as
> > > I understand, it remains to properly support it on the server side by
> > > enhancing the ocsptool to generate a combined status request, as well as
> > > accounting the multiple OCSP responses received on peer's certificate
> > > verification.
> > 
> > The fix just handles the case where status_request and status_request_v2
> > both are sent (client hello), but the answer (server hello) just includes
> > status_request.
> > I guess, that will be pretty common the next few months/years.
> 
> Ok, thanks. I've handled it a bit differently.

Sorry, Nikos.
I just pulled it and it does not work.

gnutls_ocsp_status_request_is_checked still returns 0 though there is a 
status_request answer. 
Just apply my first patch 0001-add-OCSP-multi-stapling-test-code.patch ... it 
just adds some printf to show that.

My patch handles it...

Tim
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: This is a digitally signed message part.
URL: </pipermail/attachments/20150204/25c7fc1b/attachment.sig>


More information about the Gnutls-devel mailing list