Follow-up Comment #8, bug #43799 (project wget):
Vincent, or is the revocation due to OCSP stapling ?
I guess it is... so the OCSP responder has been asked by the server and the
answer has been included in the TLS handshake.
That's why we get "The certificate has been revoked.".
Should we amend this message to "The certificate has been revoked via OCSP
stapling." ?
Well, when I implemented OCSP, Google was missing an OCSP responder
information in one of their certs. I wasn't sure what was going on, so I let
wget2 continue in this case.
I just saw, the google cert chain seems to be fixed now.
Should stop/error in case OCSP responder information is missing ?
WDYT ?
_______________________________________________________
Reply to this item at:
<http://savannah.gnu.org/bugs/?43799>
_______________________________________________
Message sent via/by Savannah
http://savannah.gnu.org/
