[gnutls-devel] OCSP RFC6961 for web servers

Tim Ruehsen tim.ruehsen at gmx.de
Fri Feb 6 11:05:52 CET 2015

First, many thanks for your clarifications.

On Wednesday 04 February 2015 17:29:33 Nikos Mavrogiannopoulos wrote:
> > I thought ocsptool is to generate requests (and responses) for OCSP
> > responders. What has this to do with the TLS extension status_request_v2
> > (despite the fact that a HTTPS server could use the responses to build
> > status_request_v2 stapled responses for the 'Server Hello').
> Exactly (though, the status request response isn't sent on server
> hello). We need a way/tool for server operators to gather and
> concatenate their OCSP responses in a format gnutls will understand.
> ocsptool ought to do that.

From status_request.c/_gnutls_status_request_decode_raw_resp() I can see, that 
the file format has already already fixed for v2.

Just to be in line with you... Do you think it is appropriate to add an CLI 
option to ocsptool (e.g. --merge-response=file1,file2,...) to merge several 
response files into one file (specified by --outfile) readable by the library 
code ?

Regards, Tim
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: This is a digitally signed message part.
URL: </pipermail/attachments/20150206/8c4938d7/attachment.sig>

More information about the Gnutls-devel mailing list