Alicja Kario (@mention me if you need reply) commented on a discussion: https://gitlab.com/gnutls/gnutls/-/issues/1746#note_2823185375

Thank you!

OK, so it looks like the server is using OCSP stapling, but then it sends `status_request` extension for all the certificates in the chain, while including actual OCSP response only for the first one...

As we can read in https://datatracker.ietf.org/doc/html/rfc8446#section-4.4.2.1 and then in https://datatracker.ietf.org/doc/html/rfc6066#page-15 the `OCSPResponse` object MUST NOT be empty (it needs to have length of at least 1):

```
opaque OCSPResponse<1..2^24-1>;
```

That means that the server is behaving incorrectly.

Could you share details how you configured OCSP stapling in it? I wonder if it's a bug in OpenSSL or in nginx...
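The check described in the message above, as an added example that is not part of the original email and is not GnuTLS code: it walks a TLS 1.3 Certificate message body (layout per RFC 8446 section 4.4.2) and reports every `CertificateEntry` whose `status_request` extension carries an empty `OCSPResponse`. The function names are hypothetical and the sample bytes are constructed, with dummy strings standing in for DER data; the exact bytes the server sent are not on the page.

```python
STATUS_REQUEST = 5  # ExtensionType status_request (RFC 6066)
OCSP = 1            # CertificateStatusType ocsp

def read_vec(buf, off, width):
    """Read a TLS vector with a `width`-byte length prefix; return (data, next_off)."""
    end = off + width
    if end > len(buf):
        raise ValueError("truncated length prefix")
    end += int.from_bytes(buf[off:off + width], "big")
    if end > len(buf):
        raise ValueError("truncated vector")
    return buf[off + width:end], end

def check_status(data):
    """Validate a CertificateStatus body; return a problem string or None."""
    if len(data) < 4 or data[0] != OCSP:
        return "malformed CertificateStatus"
    response, _ = read_vec(data, 1, 3)
    return None if response else "empty OCSPResponse"

def check_certificate_message(body):
    """Return [(entry_index, problem)] for a TLS 1.3 Certificate message body."""
    problems = []
    _context, off = read_vec(body, 0, 1)       # certificate_request_context
    cert_list, _ = read_vec(body, off, 3)      # certificate_list
    index = pos = 0
    while pos < len(cert_list):
        _cert, pos = read_vec(cert_list, pos, 3)   # cert_data
        exts, pos = read_vec(cert_list, pos, 2)    # per-entry extensions
        epos = 0
        while epos < len(exts):
            ext_type = int.from_bytes(exts[epos:epos + 2], "big")
            data, epos = read_vec(exts, epos + 2, 2)
            if ext_type == STATUS_REQUEST and (problem := check_status(data)):
                problems.append((index, problem))
        index += 1
    return problems

def vec(data, width):
    return len(data).to_bytes(width, "big") + data

def sample_message():
    """Constructed input: entry 0 staples dummy OCSP bytes, entry 1 staples nothing."""
    def entry(cert, ocsp):
        status = bytes([OCSP]) + vec(ocsp, 3)
        return vec(cert, 3) + vec(STATUS_REQUEST.to_bytes(2, "big") + vec(status, 2), 2)
    entries = entry(b"leaf", b"ocsp-response") + entry(b"intermediate", b"")
    return vec(b"", 1) + vec(entries, 3)
```
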
