bug-wget
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Bug-wget] [bug #43799] wget should implement OCSP + OCSP stapling

From: Tim Ruehsen
Subject: [Bug-wget] [bug #43799] wget should implement OCSP + OCSP stapling
Date: Wed, 19 Aug 2015 10:14:34 +0000
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Firefox/38.0 Iceweasel/38.1.0 
Follow-up Comment #8, bug #43799 (project wget):

Vincent, or is the revocation due to OCSP stapling ?
I guess it is... so the OCSP responder has been asked by the server and the
answer has been included in the TLS handshake.
That's why we get "The certificate has been revoked.".

Should we amend this message to "The certificate has been revoked via OCSP
stapling." ?

Well, when I implemented OCSP, Google was missing an OCSP responder
information in one of their certs. I wasn't sure what was going on, so I let
wget2 continue in this case.
I just saw, the google cert chain seems to be fixed now.

Should stop/error in case OCSP responder information is missing ?
WDYT ?


    _______________________________________________________

Reply to this item at:

  <http://savannah.gnu.org/bugs/?43799>

_______________________________________________
  Message sent via/by Savannah
  http://savannah.gnu.org/
reply via email to
[Prev in Thread] Current Thread [Next in Thread]