[gnutls-devel] Support for OCSP Must-staple ?

Tim Kosse tim.kosse at filezilla-project.org
Tue May 24 00:29:00 CEST 2016


Hi,

sorry, I had too many other things to do and then forgot about this :(

Please have a look at the attached patch series for everything I
implemented so far.

If I remember correctly, the following things are still missing:
- More unit tests
- Copying of the feature extension data from CRQs into the generated
certificates
- Dealing with certificate chains as described in section 4.2.2 of RFC7633

Regards,
Tim

On 2016-05-20 14:30, Nikos Mavrogiannopoulos wrote:
> On Fri, May 20, 2016 at 12:49 PM, Tim Ruehsen <tim.ruehsen at gmx.de> wrote:
>> Hi Nikos,
>> do you have any plans to implement/support RFC7633 in the near future ?
> 
> That sounds like a very good thing to have overall, and we can include
> it in the 3.5.x releases. Tim (in CC) has a set of patches [1], but
> unless I missed it there was no final version submitted. Tim would you
> be interested in completing the submission? I've created a ticket at
> [0] to make sure that this doesn't get under my radar.
> 
> regards,
> Nikos
> 
> [1]. http://comments.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/8401
> [0]. https://gitlab.com/gnutls/gnutls/issues/98
> 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0012-Fix-exporting-the-DER-for-the-tlsfeatures.patch
Type: text/x-patch
Size: 1294 bytes
Desc: not available
URL: </pipermail/attachments/20160523/01646018/attachment-0022.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0013-Implement-setting-the-TLS-features-extension-on-cert.patch
Type: text/x-patch
Size: 3739 bytes
Desc: not available
URL: </pipermail/attachments/20160523/01646018/attachment-0023.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0014-Honor-the-passed-type-in-get_tlsfeatures_set.patch
Type: text/x-patch
Size: 991 bytes
Desc: not available
URL: </pipermail/attachments/20160523/01646018/attachment-0024.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0015-Add-functions-to-get-set-the-tlsfeatures-to-certific.patch
Type: text/x-patch
Size: 4583 bytes
Desc: not available
URL: </pipermail/attachments/20160523/01646018/attachment-0025.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0016-Add-tlsfeatures-to-generated-certificate-requests.patch
Type: text/x-patch
Size: 633 bytes
Desc: not available
URL: </pipermail/attachments/20160523/01646018/attachment-0026.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0017-Fix-indentation-of-features-when-printing-crq-detail.patch
Type: text/x-patch
Size: 1266 bytes
Desc: not available
URL: </pipermail/attachments/20160523/01646018/attachment-0027.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0018-Fix-the-description-of-two-testcases.patch
Type: text/x-patch
Size: 1376 bytes
Desc: not available
URL: </pipermail/attachments/20160523/01646018/attachment-0028.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0019-Move-call-to-terminate-until-after-printing-the-erro.patch
Type: text/x-patch
Size: 2740 bytes
Desc: not available
URL: </pipermail/attachments/20160523/01646018/attachment-0029.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0020-Add-testcase-to-check-for-missing-status-request-fro.patch
Type: text/x-patch
Size: 10410 bytes
Desc: not available
URL: </pipermail/attachments/20160523/01646018/attachment-0030.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0021-Reset-extensions_sent_size-only-at-start-of-handshak.patch
Type: text/x-patch
Size: 1679 bytes
Desc: not available
URL: </pipermail/attachments/20160523/01646018/attachment-0031.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0022-Fix-memory-leaks.patch
Type: text/x-patch
Size: 1244 bytes
Desc: not available
URL: </pipermail/attachments/20160523/01646018/attachment-0032.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-Add-the-TLS-Features-extension-from-RFC-7633-to-the-.patch
Type: text/x-patch
Size: 1361 bytes
Desc: not available
URL: </pipermail/attachments/20160523/01646018/attachment-0033.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0002-Implement-functions-to-parse-the-TLSFeatures-X.509-e.patch
Type: text/x-patch
Size: 8263 bytes
Desc: not available
URL: </pipermail/attachments/20160523/01646018/attachment-0034.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0003-If-we-have-sent-an-OCSP-status-request-and-have-not-.patch
Type: text/x-patch
Size: 3943 bytes
Desc: not available
URL: </pipermail/attachments/20160523/01646018/attachment-0035.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0004-Fix-a-typo-in-the-documentation-it-s-spelled-OCSP.patch
Type: text/x-patch
Size: 950 bytes
Desc: not available
URL: </pipermail/attachments/20160523/01646018/attachment-0036.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0005-Use-_gnutls_extension_list_check-instead-of-manually.patch
Type: text/x-patch
Size: 1905 bytes
Desc: not available
URL: </pipermail/attachments/20160523/01646018/attachment-0037.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0006-Add-gnutls_x509_crt_get_tlsfeatures-and-move-the-ver.patch
Type: text/x-patch
Size: 10188 bytes
Desc: not available
URL: </pipermail/attachments/20160523/01646018/attachment-0038.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0007-Fix-datatypes-and-document-the-new-functions.patch
Type: text/x-patch
Size: 7559 bytes
Desc: not available
URL: </pipermail/attachments/20160523/01646018/attachment-0039.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0008-Add-gnutls_x509_ext_export_tlsfeatures-to-convert-th.patch
Type: text/x-patch
Size: 2583 bytes
Desc: not available
URL: </pipermail/attachments/20160523/01646018/attachment-0040.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0009-Implement-gnutls_x509_tlsfeatures_add-to-add-feature.patch
Type: text/x-patch
Size: 2055 bytes
Desc: not available
URL: </pipermail/attachments/20160523/01646018/attachment-0041.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0010-Add-the-new-function-for-the-tlsfeatures-to-libgnutl.patch
Type: text/x-patch
Size: 1835 bytes
Desc: not available
URL: </pipermail/attachments/20160523/01646018/attachment-0042.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0011-Implement-gnutls_x509_crt_set_tlsfeatures.patch
Type: text/x-patch
Size: 2012 bytes
Desc: not available
URL: </pipermail/attachments/20160523/01646018/attachment-0043.bin>


More information about the Gnutls-devel mailing list