The TLS Feature extension (RFC 7633) allows certificates to specify TLS features that must be used in handshakes that include the certificate. This allows implementation of "OCSP must-staple" which requires an OCSP response to be stapled into the handshake in order for it to be valid.
This would just be a change to client chain/handshake verification; I don't believe that any fields or methods need to be exposed.
For the moment OCSP stapling isn't really supported as a client in Go and the TLS Feature extension doesn't see enough use to be considered for Go. Go generally (and deliberately) trails other implementations in this sort of thing because things like browsers are a better testing ground.
I'm closing this, not because we would never support this, but because the bug tracker is a to-do list and I feel that this entry is currently premature.
/cc @agl
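The check the issue describes can be done by an application itself. The following is an added example, not code from the thread or from Go's `crypto/tls`: it reads the RFC 7633 extension from the leaf certificate and rejects a handshake that lacks a stapled OCSP response. The names `RequiresStaple` and `CheckMustStaple` are hypothetical, and the certificate in `main` is a constructed stub.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/asn1"
	"errors"
	"fmt"
)

// id-pe-tlsfeature (RFC 7633); feature value 5 is the status_request TLS extension.
var oidTLSFeature = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 1, 24}

// RequiresStaple reports whether cert lists status_request in a TLS Feature extension.
func RequiresStaple(cert *x509.Certificate) (bool, error) {
	for _, ext := range cert.Extensions {
		if !ext.Id.Equal(oidTLSFeature) {
			continue
		}
		var features []int // Features ::= SEQUENCE OF INTEGER
		if rest, err := asn1.Unmarshal(ext.Value, &features); err != nil || len(rest) != 0 {
			return false, errors.New("malformed TLS Feature extension")
		}
		for _, f := range features {
			if f == 5 {
				return true, nil
			}
		}
	}
	return false, nil
}

// CheckMustStaple fits tls.Config.VerifyConnection; validating the staple itself is not shown.
func CheckMustStaple(cs tls.ConnectionState) error {
	if len(cs.PeerCertificates) == 0 {
		return errors.New("no peer certificate")
	}
	must, err := RequiresStaple(cs.PeerCertificates[0])
	if err == nil && must && len(cs.OCSPResponse) == 0 {
		err = errors.New("certificate requires OCSP stapling, none received")
	}
	return err
}

func main() {
	// Constructed stub: the extension value is DER for SEQUENCE { INTEGER 5 }.
	cert := &x509.Certificate{Extensions: []pkix.Extension{{Id: oidTLSFeature, Value: []byte{0x30, 0x03, 0x02, 0x01, 0x05}}}}
	fmt.Println(CheckMustStaple(tls.ConnectionState{PeerCertificates: []*x509.Certificate{cert}}))
}
```

A client would set `VerifyConnection: CheckMustStaple` in its `tls.Config`; the stapled response in `ConnectionState.OCSPResponse` still has to be parsed and verified separately.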