gnutls 3.3.8 A non-ocsp-aware client and a server which has called gnutls_certificate_set_ocsp_status_request_file() fails, with the following sequence seen in packet capture:
- Client hello (nothing special) -- extension: server_name -- extension: sessionTicket -- extension: signature_algorithms -- extension: ec_point_formats -- extension: elliptic_curves - Server hello (covers 2 packets) -- server hello --- extension: status_request --- extension: renegotiation_info --- extension: ec_point_formats -- server cert (2-element chain) -- certificate status (refers to server cert) -- server key exchange -- server hello done - Fatal Alert from client -- unsupported extension ===== - Why, when the Client hello did not include a status_request extension, did the server include cert-status in its server hello? - Why did the server include a status_request in its server hello? -- Cheers, Jeremy _______________________________________________ Gnutls-help mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnutls-help
