[gnutls-devel] OCSP for www.google.com
Tim Ruehsen
tim.ruehsen at gmx.de
Thu Jan 15 14:50:21 CET 2015
Hi,
using gnutls-cli (3.3.11-1 from Debian Experimental) with --ocsp does not work
for www.google.com. My question is, does gnutls and/or google fail ?
From 'gnutls-cli --ocsp -V www.google.com' I see three certs returned:
Processed 171 CA certificate(s).
Resolving 'www.google.com'...
Connecting to '173.194.113.179:443'...
- Certificate type: X.509
- Got a certificate list of 3 certificates.
- Certificate[0] info:
...
Extensions:
Authority Information Access (not critical):
Access Method: 1.3.6.1.5.5.7.48.2 (id-ad-caIssuers)
Access Location URI: http://pki.google.com/GIAG2.crt
Access Method: 1.3.6.1.5.5.7.48.1 (id-ad-ocsp)
Access Location URI: http://clients1.google.com/ocsp
...
- Certificate[1] info:
...
Extensions:
Authority Information Access (not critical):
Access Method: 1.3.6.1.5.5.7.48.1 (id-ad-ocsp)
Access Location URI: http://g.symcd.com
...
- Certificate[2] info: [does not matter]
...
- Status: The certificate is trusted.
Connecting to OCSP server: g.symcd.com...
Resolving 'g.symcd.com'...
Connecting to '23.37.43.27:80'...
*** Got OCSP response with no data (ignoring)
*** OCSP response ignored...
From what I found on the internet, http://clients1.google.com/ocsp should be
OCSP-requested, not http://g.symcd.com though Certificate[1] seems to be the
issuer for Certificate[1].
Could you please have a look at it ? And/or give some advise what to do ?
Thank you !
Tim
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: This is a digitally signed message part.
URL: </pipermail/attachments/20150115/ab90e3cb/attachment.sig>
More information about the Gnutls-devel
mailing list