crypto/tls: Implement TLS Feature extension #13074

titanous · 2015-10-27T23:12:05Z

The TLS Feature extension (RFC 7633) allows certificates to specify TLS features that must be used in handshakes that include the certificate. This allows implementation of "OCSP must-staple" which requires an OCSP response to be stapled into the handshake in order for it to be valid.

This would just be a change to client chain/handshake verification, I don't believe that any fields or methods need to be exposed.

/cc @agl

agl · 2016-08-19T16:55:36Z

For the moment OCSP stapling isn't really supported as a client in Go and the TLS Feature extension doesn't see enough use to be considered for Go. Go generally (and deliberately) trails other implementations in this sort of thing because things like browsers are a better testing ground.

I'm closing this, not because we would never support this, but because the bug tracker is a to-do list and I feel that this entry is currently premature.

ianlancetaylor added this to the Unplanned milestone Nov 5, 2015

agl closed this as completed Aug 19, 2016

golang locked and limited conversation to collaborators Aug 19, 2017

gopherbot added the FrozenDueToAge label Aug 19, 2017

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

crypto/tls: Implement TLS Feature extension #13074

crypto/tls: Implement TLS Feature extension #13074

titanous commented Oct 27, 2015

agl commented Aug 19, 2016

crypto/tls: Implement TLS Feature extension #13074

crypto/tls: Implement TLS Feature extension #13074

Comments

titanous commented Oct 27, 2015

agl commented Aug 19, 2016