[gnutls-help] OCSP functionality in GnutTLS
Nikos Mavrogiannopoulos
nmav at gnutls.org
Fri Apr 29 08:55:54 CEST 2016
On Thu, Apr 28, 2016 at 11:43 PM, jonetsu <jonetsu at teksavvy.com> wrote:
> Can you please shed a light on the following basic use case
> regarding OCSP ? When TLS is used, as for instance rsyslog is
> using it to establish a secure remote logging communication,
> using certificates, is the certification validation using OCSP
> automatically handled by GnuTLS ? Eg. is it transparent to the
> application, or should the application add GnuTLS calls to handle
> it ?
The OCSP verification is transparent only when the server is using the
certificate status request TLS extension (aka OCSP stapling).
Otherwise the application has to handle the communication with the
OCSP server.
regards,
Nikos
More information about the Gnutls-help
mailing list