>    The "exim" server claims to support stapling (for incoming connections)
  
Yes, which isn't what I asked.
  
>    The Must-Staple belongs to the certificate which was requested
    including "1.3.6.1.5.5.7.1.24=DER:30:03:02:01:05"
    in the CSR.
  
Does the exim server understand that extension?  If, for example, exim was 
built with OpenSSL, then it does not handle that extension.  What TLS stack was 
the server built with?

>    OCSP Must-Staple certificates are getting more popular.

FWIW, I have not noticed this, but maybe I'm looking in the wrong places.  On 
the other hand, nobody has raised the issue, nor made a pull request, with 
OpenSSL, so it can't be very popular yet. 

        /r$


_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls

Reply via email to