[gnutls-devel] GnuTLS | WIP: Add option to store all stapled OCSP responses to gnutls-cli (!1189)

Development of GNU's TLS library gnutls-devel at lists.gnutls.org
Sat Feb 8 12:47:58 CET 2020

Airtower commented:

The option is specifically intended to check OCSP stapling, so yes, recording only stapled responses is intentional. STATUS_REQUEST_V2 is obsoleted by TLS 1.3, the stapled responses are carried in extensions to the CertificateEntry ([RFC 8446, Section](https://tools.ietf.org/html/rfc8446#section- so multi-stapling is supported by default.

Unfortunately I don't know any public website that uses multi-stapling, and the only web server implementation I'm aware supports it is Apache with mod_gnutls 0.10 (which I released on Monday). Testing that is how I noticed the limitations in `gnutls-cli` described in #904.

Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1189#note_284668243
You're receiving this email because of your account on gitlab.com.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20200208/dbabb44a/attachment-0001.html>

More information about the Gnutls-devel mailing list