[gnutls-devel] Support for OCSP Must-staple ?

Nikos Mavrogiannopoulos nmav at gnutls.org
Tue May 31 14:42:14 CEST 2016

On Tue, May 31, 2016 at 10:42 AM, Tim Ruehsen <tim.ruehsen at gmx.de> wrote:
> Just found one: suche.org
>                 Unknown extension (not critical):
>                         ASCII: 0....
>                         Hexdump: 3003020105

Thank you. It seems it is correctly listed from certtool in master:
        TLS Features (not critical):
            Status Request(5)

However, I realized that this pkix extension is quite undefined. There
is no well-defined behavior for "status_request_v2" and that issue
will show up once (and if) the multiple ocsp responses get deployed.

I've sent a mail to the author of rfc7633 and saag [0], but it is
unknown whether anything productive will come out of it. Most likely
this TlsFeature extension will be used  with a single value (5) to
indicate for ocsp status request or the multi one.


[0]. https://mailarchive.ietf.org/arch/msg/saag/52aBuwqIP30dIcIVCkDw6v59YN0

More information about the Gnutls-devel mailing list