crypto/tls: optional ocspStapling #8549
Comments
|
go version go1.4rc2 Attaching a different patch which resolves my issue and follows the wording in RFC4366 more precisely. |
brad-burch
changed the title
|
Any movement on this? It has caused some confusion on this stack overflow question. Given that the patch proposes to accurately implement the RFC, is there any downside in integrating it? |
|
@mberhault, any movement would be reflected in this bug, so I would say there's been no movement. And no patch was formally sent via https://golang.org/doc/contribute.html @agl, any opinion on making OCSP stapling optional? |
bradfitz
added
the
NeedsDecision
|
We don't want to accrete lots of options to work around buggy servers. OCSP stapling isn't obscure or anything. |
|
The updated patch (not the original) is about properly handling a |
|
Ah, I see. The CertificateStatus message being optional is a mistake in the spec, but it is in the spec. I don't want to look at a patch that isn't CLAed, but it sounds perfectly reasonable. (Possibly for 1.10, even.) |
|
Sounds reasonable. @brad-burch: would you mind taking your patch through https://golang.org/doc/contribute.html? |
|
Change https://golang.org/cl/86115 mentions this issue: |
Follows the wording in RFC4366 more precisely which allows a server to optionally return a "certificate_status" when responding to a client hello containing "status_request" extension. fixes golang#8549 Change-Id: Ib02dc9f972da185b25554568fe6f8bc411d9c0b7 Reviewed-on: https://go-review.googlesource.com/86115 Reviewed-by: Adam Langley <agl@golang.org>
Follows the wording in RFC4366 more precisely which allows a server to optionally return a "certificate_status" when responding to a client hello containing "status_request" extension. fixes golang#8549 Change-Id: Ib02dc9f972da185b25554568fe6f8bc411d9c0b7 Reviewed-on: https://go-review.googlesource.com/86115 Reviewed-by: Adam Langley <agl@golang.org>
Follows the wording in RFC4366 more precisely which allows a server to optionally return a "certificate_status" when responding to a client hello containing "status_request" extension. fixes golang#8549 Change-Id: Ib02dc9f972da185b25554568fe6f8bc411d9c0b7 Reviewed-on: https://go-review.googlesource.com/86115 Reviewed-by: Adam Langley <agl@golang.org>
Follows the wording in RFC4366 more precisely which allows a server to optionally return a "certificate_status" when responding to a client hello containing "status_request" extension. fixes golang#8549 Change-Id: Ib02dc9f972da185b25554568fe6f8bc411d9c0b7 Reviewed-on: https://go-review.googlesource.com/86115 Reviewed-by: Adam Langley <agl@golang.org>
go version go1.3 I have a server outside my control that fails to respond properly when OSCP stapling is enabled and causes a "tls: received unexpected handshake message..." error. I would like to be able to set a tls.Config{} option to disable OSCP stapling instead of recompiling the package. I am attaching the rudimentary patch I have been compiling into crypto/tls.Attachments:
The text was updated successfully, but these errors were encountered: