[gnutls-devel] Support for OCSP Must-staple ?

Nikos Mavrogiannopoulos nmav at gnutls.org
Mon May 23 09:43:35 CEST 2016

On Sat, May 21, 2016 at 8:05 PM, Jouni Malinen <jkmalinen at gmail.com> wrote:
> For quite some time, I was hoping to get ocsp_multi support available
> in one or more of the common TLS libraries to be able to use this in
> wpa_supplicant and hostapd. I ended up implementing an experimental
> version in the internal TLS implementation in hostap.git for both the
> server and client side so that I can at least test this functionality
> with WPA2 and EAP authentication. Since I also added support for using
> GnuTLS with server side OCSP stapling, I'd hope it would be a relatively
> simple addition to get this running for interop testing (hostapd with
> GnuTLS as the EAP server and wpa_supplicant with the internal TLS
> client implementation as the EAP peer) if the GnuTLS implementation is
> expected to be in a more or less functional state for OCSP stapling with
> the RFC 6961 extensions. I have fully automated test cases for that
> ready as well.

That's very nice. It certainly helps me prioritise that higher. My
question is how do you have administrators provide the multiple
responses in your implementation?

