Alicja Kario (@mention me if you need reply) commented on a discussion: 
https://gitlab.com/gnutls/gnutls/-/issues/1746#note_2823185375


Thank you!

OK, so it looks like the server is using OCSP stapling, but then it sends 
`status_request` extension for all the certificates in the chain, while 
including actual OCSP response only for the first one...

As we can read in
https://datatracker.ietf.org/doc/html/rfc8446#section-4.4.2.1
and then in 
https://datatracker.ietf.org/doc/html/rfc6066#page-15

the `OCSPResponse` object MUST NOT be empty (it needs to have length
of at least 1):
```
      opaque OCSPResponse<1..2^24-1>;
```

That means that the server is behaving incorrectly.

Could you share details of how you configured OCSP stapling in it?
I wonder if it's a bug in OpenSSL or in nginx...



_______________________________________________
Gnutls-devel mailing list
[email protected]
http://lists.gnupg.org/mailman/listinfo/gnutls-devel
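
The check described in the comment above, as an added example that is not part of the original message or of GnuTLS: it walks the body of a TLS 1.3 `Certificate` message (RFC 8446 section 4.4.2) and reports, per `CertificateEntry`, whether a `status_request` extension carries a non-empty `OCSPResponse`. The function names are hypothetical and the sample message is constructed from placeholder bytes.

```python
STATUS_REQUEST = 5   # ExtensionType status_request (RFC 6066)
OCSP = 1             # CertificateStatusType ocsp

def read_vec(buf, pos, len_bytes):
    """Read a TLS length-prefixed vector at pos; return (body, next_pos)."""
    start = pos + len_bytes
    if start > len(buf):
        raise ValueError("truncated length field")
    end = start + int.from_bytes(buf[pos:start], "big")
    if end > len(buf):
        raise ValueError("truncated vector")
    return buf[start:end], end

def check_status(data):
    """Classify the extension_data of a status_request in a CertificateEntry."""
    # Layout: status_type (1 byte) + opaque OCSPResponse<1..2^24-1>
    if len(data) < 4 or data[0] != OCSP or int.from_bytes(data[1:4], "big") != len(data) - 4:
        return "malformed CertificateStatus"
    return "ok" if len(data) > 4 else "empty OCSPResponse"

def check_stapling(cert_msg):
    """Return one finding per CertificateEntry of a TLS 1.3 Certificate body."""
    _, pos = read_vec(cert_msg, 0, 1)           # certificate_request_context
    entries, _ = read_vec(cert_msg, pos, 3)     # certificate_list
    findings, pos = [], 0
    while pos < len(entries):
        _, pos = read_vec(entries, pos, 3)      # cert_data
        exts, pos = read_vec(entries, pos, 2)   # extensions
        finding, epos = "no status_request", 0
        while epos < len(exts):
            ext_type = int.from_bytes(exts[epos:epos + 2], "big")
            data, epos = read_vec(exts, epos + 2, 2)
            if ext_type == STATUS_REQUEST:
                finding = check_status(data)
        findings.append(finding)
    return findings

def vec(body, len_bytes):
    """Encode body as a TLS vector with a len_bytes-wide length prefix."""
    return len(body).to_bytes(len_bytes, "big") + body

def sample_message():
    """Constructed sample: placeholder bytes, not real certificates or OCSP data."""
    def entry(cert, status=None):
        ext = b"" if status is None else STATUS_REQUEST.to_bytes(2, "big") + vec(status, 2)
        return vec(cert, 3) + vec(ext, 2)
    chain = (entry(b"leaf", bytes([OCSP]) + vec(b"\x30\x03\x0a\x01\x00", 3))
             + entry(b"intermediate", bytes([OCSP]) + vec(b"", 3))
             + entry(b"root"))
    return vec(b"", 1) + vec(chain, 3)
```

`check_stapling(sample_message())` flags the second entry, which has the extension present but a zero-length response, the case the RFC 6066 length bound rules out.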