[gnutls-devel] OCSP RFC6961 for web servers

Tim Ruehsen tim.ruehsen at gmx.de
Fri Feb 6 11:05:52 CET 2015


First, many thanks for your clarifications.

On Wednesday 04 February 2015 17:29:33 Nikos Mavrogiannopoulos wrote:
> > I thought ocsptool is to generate requests (and responses) for OCSP
> > responders. What has this to do with the TLS extension status_request_v2
> > (despite the fact that a HTTPS server could use the responses to build
> > status_request_v2 stapled responses for the 'Server Hello').
> 
> Exactly (though, the status request response isn't sent on server
> hello). We need a way/tool for server operators to gather and
> concatenate their OCSP responses in a format gnutls will understand.
> ocsptool ought to do that.

From status_request.c/_gnutls_status_request_decode_raw_resp() I can see that 
the file format has already been fixed for v2.

Just to be in line with you... Do you think it is appropriate to add a CLI 
option to ocsptool (e.g. --merge-response=file1,file2,...) to merge several 
response files into one file (specified by --outfile) readable by the library 
code?

Regards, Tim