[gnutls-devel] Support for OCSP Must-staple ?
Tim Rühsen
tim.ruehsen at gmx.de
Sat May 21 11:22:29 CEST 2016
On Friday, 20 May 2016, 17:32:35, Nikos Mavrogiannopoulos wrote:
> On Fri, May 20, 2016 at 3:28 PM, Tim Ruehsen <tim.ruehsen at gmx.de> wrote:
> > On Friday 20 May 2016 13:02:17 Jeremy Harris wrote:
> >> On 20/05/16 11:49, Tim Ruehsen wrote:
> >> > do you have any plans to implement/support RFC7633 in the near future ?
> >>
> >> While we're asking, how about rfc6961 (full-chain staple) also?
> >
> > From my todo list ;-)
> >
> > add OCSP multi-stapling by simply merging the OCSP answers into one
> > ASN.1 file. gnutls-cli has to be extended for that, the low-level stuff
> > should be done in 3.4 branch.
> >
> > add OCSP multi-stapling to gnutls-serv, so we can test gnutls-cli with
> > gnutls-serv.
> >
> > add support for this file in modgnutls of Apache, it should be
> > straightforward. the GNUTLS API should be ready for doing that.
> >
> > add OCSP multi-stapling to wget2. We can test with modgnutls or
> > gnutls-serv.
> >
> > We had some discussion about it on this list one or two years ago.
> > But tasks are always interrupted by higher priority tasks which are
> > interrupted by ... never ending story :-(
>
> That attempt is on the ocsp2 branch at:
> https://gitlab.com/gnutls/gnutls/commits/ocsp2
>
> I don't remember how far it had gone, or whether it can apply on
> master, but I remember I didn't follow up because there were no other
> implementations of it, nor any plans for it. I can see it is still
> open at NSS and openssl. However, with the track OCSP stapling is
> taking, this will become something required in the future. So if there
> is someone to push for it and create the required tooling (for an
> admin to aggregate ocsp responses) I'm all for including it.

Could you rebase/merge ocsp2 onto/with master (or 3_4_x)?
It does not seem straightforward to me, and you know your code.

Regards, Tim