--- Comment #2 from Jeremy Harris <> ---
I note that the original RFC for stapling, 6066, only talks about it in terms
of the client requesting and the server supplying certificate status. Section 8.

Also the OpenSSL manpage for SSL_CTX_set_tlsext_status_cb() only describes
use in that direction, as does the GnuTLS docs page on OCSP stapling.

It may well be that client-certs are second class citizens in TLS1.2, and the
best recourse is to use limited-lifetime ones.  In TLS1.3 however, RFC 8446
section says that the server can request stapling by the client.  It
remains to be seen what library support there may be.

You are receiving this mail because:
You are on the CC list for the bug.
## List details at Exim 
details at ##

Reply via email to