Follow-up Comment #8, bug #43799 (project wget): Vincent, or is the revocation due to OCSP stapling ? I guess it is... so the OCSP responder has been asked by the server and the answer has been included in the TLS handshake. That's why we get "The certificate has been revoked.".
Should we amend this message to "The certificate has been revoked via OCSP stapling." ? Well, when I implemented OCSP, Google was missing an OCSP responder information in one of their certs. I wasn't sure what was going on, so I let wget2 continue in this case. I just saw, the google cert chain seems to be fixed now. Should stop/error in case OCSP responder information is missing ? WDYT ? _______________________________________________________ Reply to this item at: <http://savannah.gnu.org/bugs/?43799> _______________________________________________ Message sent via/by Savannah http://savannah.gnu.org/