Hi, Isn't that the same as https://gitlab.com/gnutls/gnutls/issues/829 ?
regards, Nikos On Sun, Nov 24, 2019 at 6:44 PM Jeremy Harris <[email protected]> wrote: > > On 10/11/2019 20:45, Jeremy Harris wrote: > > GnuTLS 3.6.8 > > > > I'm testing $subject using a 3-layer cert chain, and stapled ocsp > > under TLS1.3 for which the middle item is non-valid. > ... > > but gnutls_ocsp_status_request_is_checked(state->session, 0) returns > > nonzero (meaning "valid"). > > > > I'm not quite clear what level of validity is being described here. > > Should it be checking that the OCSP response indicates non-revoked > > certificates, for all cert-chain elements covered? Or is it only > > saying that the stapled information is well-constructed and signed > > (meaning that I should be taking more actions to validate the > > certs; if so, what)? > > No answers on this? > -- > Cheers, > Jeremy > > _______________________________________________ > Gnutls-help mailing list > [email protected] > http://lists.gnupg.org/mailman/listinfo/gnutls-help _______________________________________________ Gnutls-help mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnutls-help
