On 10/11/2019 20:45, Jeremy Harris wrote: > GnuTLS 3.6.8 > > I'm testing $subject using a 3-layer cert chain, and stapled ocsp > under TLS1.3 for which the middle item is non-valid. ... > but gnutls_ocsp_status_request_is_checked(state->session, 0) returns > nonzero (meaning "valid"). > > I'm not quite clear what level of validity is being described here. > Should it be checking that the OCSP response indicates non-revoked > certificates, for all cert-chain elements covered? Or is it only > saying that the stapled information is well-constructed and signed > (meaning that I should be taking more actions to validate the > certs; if so, what)?
No answers on this? -- Cheers, Jeremy _______________________________________________ Gnutls-help mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnutls-help
