On 10/10/2019 22:53, Jeremy Harris wrote:
> On 01/10/2019 12:21, Jeremy Harris wrote:
>> I'm using the indexfile variant. It seems that the -CA argument
>> needs to be the signer of the cert, not the CA for the chain; and
>> you cannot give -CA multiple times. So you don't get good OCSP status
On 11/10/2019 09:57, Matt Caswell wrote:
> OpenSSL does not currently support that. You can only place a status response
> after the first certificate.
>
> Matt
That's why I asked:
>> Are both layouts of the TLS1.3 Certificates record valid?
--
Cheers,
Jeremy
On 11/10/2019 10:10, Jeremy Harris wrote:
> On 11/10/2019 09:57, Matt Caswell wrote:
>> OpenSSL does not currently support that. You can only place a status response
>> after the first certificate.
>>
>> Matt
>
>
> That's why I asked:
>
>>> Are both layouts of the TLS1.3 Certificates record v