[gnutls-devel] GnuTLS | OCSP must staple issue with TLS1.3 (#783)

Development of GNU's TLS library gnutls-devel at lists.gnutls.org
Fri Jun 7 08:36:25 CEST 2019



New Issue was created.

Issue 783: https://gitlab.com/gnutls/gnutls/issues/783
Author:    Nikos Mavrogiannopoulos
Assignees: 

[reported by mail by Björn Jacke of samba.org]

I see again something weird with gnutls and ocsp.

On imap.samba.org:993 we have a ocsp-must-staple enabled certificate,
the server is haproxy/openssl from latest Debian buster with TLS 1.3
enabled.

The certificate is working nicely with the stapled ocsp response from
the server with all kind of clients, except recent gnutls versions.

GnuTLS 3.5.18 for example works perfectly fine with:

echo QUIT | gnutls-cli  --sni-hostname=imap.samba.org imap.samba.org:993
--verbose | less

The same test GnuTLS 3.6.7 from Debian Buster (on current Fedora also)
fails with:

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/783
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20190607/66b4aa69/attachment.html>


More information about the Gnutls-devel mailing list