TLS 1.3: support for status_request extension in CertificateRequest messages

Jamil Nimeh jamil.j.nimeh at oracle.com
Mon Dec 16 20:02:16 UTC 2019


So maybe I'll make a short-term fix to at least make the client not barf 
on the status_request in the CR message from the server. That much 
should be done for correctness.  Making the client actually support OCSP 
stapling in its Cert message is a much bigger change and can come later.

I'll create a bug entry for the status_request handling part. The actual 
OCSP stapling support would have to be a separate issue and an RFE 
rather than a bug.

--Jamil

On 12/16/2019 11:23 AM, Martin Balao wrote:
> Hi Jamil,
>
> Thanks for your answer.
>
> On 12/16/19 2:29 PM, Jamil Nimeh wrote
>> If you want to take a swing at it, go for it.  I'd be happy to be a
>> reviewer for it.
> I'm still unsure of how are we going to prioritize this but I'd let you
> know if we go for it.
>
> Regards,
> Martin.-
>



More information about the security-dev mailing list