New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
crypto/tls: optional ocspStapling #8549
Comments
go version go1.4rc2 Attaching a different patch which resolves my issue and follows the wording in RFC4366 more precisely. |
Any movement on this? It has caused some confusion on this stack overflow question. Given that the patch proposes to accurately implement the RFC, is there any downside in integrating it? |
@mberhault, any movement would be reflected in this bug, so I would say there's been no movement. And no patch was formally sent via https://golang.org/doc/contribute.html @agl, any opinion on making OCSP stapling optional? |
We don't want to accrete lots of options to work around buggy servers. OCSP stapling isn't obscure or anything. |
The updated patch (not the original) is about properly handling a |
Ah, I see. The CertificateStatus message being optional is a mistake in the spec, but it is in the spec. I don't want to look at a patch that isn't CLAed, but it sounds perfectly reasonable. (Possibly for 1.10, even.) |
Sounds reasonable. @brad-burch: would you mind taking your patch through https://golang.org/doc/contribute.html? |
Change https://golang.org/cl/86115 mentions this issue: |
Follows the wording in RFC4366 more precisely which allows a server to optionally return a "certificate_status" when responding to a client hello containing "status_request" extension. fixes golang#8549 Change-Id: Ib02dc9f972da185b25554568fe6f8bc411d9c0b7 Reviewed-on: https://go-review.googlesource.com/86115 Reviewed-by: Adam Langley <agl@golang.org>
Follows the wording in RFC4366 more precisely which allows a server to optionally return a "certificate_status" when responding to a client hello containing "status_request" extension. fixes golang#8549 Change-Id: Ib02dc9f972da185b25554568fe6f8bc411d9c0b7 Reviewed-on: https://go-review.googlesource.com/86115 Reviewed-by: Adam Langley <agl@golang.org>
Follows the wording in RFC4366 more precisely which allows a server to optionally return a "certificate_status" when responding to a client hello containing "status_request" extension. fixes golang#8549 Change-Id: Ib02dc9f972da185b25554568fe6f8bc411d9c0b7 Reviewed-on: https://go-review.googlesource.com/86115 Reviewed-by: Adam Langley <agl@golang.org>
Follows the wording in RFC4366 more precisely which allows a server to optionally return a "certificate_status" when responding to a client hello containing "status_request" extension. fixes golang#8549 Change-Id: Ib02dc9f972da185b25554568fe6f8bc411d9c0b7 Reviewed-on: https://go-review.googlesource.com/86115 Reviewed-by: Adam Langley <agl@golang.org>
Attachments:
The text was updated successfully, but these errors were encountered: