curl-library

Re: [PATCH v2] OCSP stapling for GnuTLS and NSS

From: Daniel Stenberg <daniel_at_haxx.se>
Date: Thu, 15 Jan 2015 00:08:42 +0100 (CET)

On Thu, 8 Jan 2015, Alessandro Ghedini wrote:

> The only difference from [0] is that I fixed the NSS patch to shorten the
> line longer than 79 chars like Kamil suggested. I also fixed some typos in
> the commit messages.

Thanks a lot for your work on this!

I'd like to request that setting the new option returns an error if tried to
be set when built to use a backend that doesn't support it! I figure it is
most easily implemented by adding a new SSL backend function in the style of
other Curl_ssl_* ones. Like perhaps Curl_ssl_cert_status_request() that could
return TRUE/FALSE if supported. It'll help apps to know what to expect or not
from a TLS based transfer.

Do you agree?

> Unfortunately I haven't had much time to look into the OpenSSL problem yet.
> For those interested my current patch is at [1] (in the
> status_request_openssl branch).

Let's go for first getting the NSS and GnuTLS versions merged, and then work
on getting the OpenSSL version working. Richard Moore got code working with
OpenSSL for this, so I hope we could get some pointers from him.

I'll try to get these patches merged asap.

-- 
  / daniel.haxx.se
Received on 2015-01-15
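
The capability check requested in the message above, sketched as a self-contained C model. This is an added example, not code from the mail, the patches or curl itself: the `cert_status_request` callback is modelled on the `Curl_ssl_cert_status_request()` name proposed in the mail, and every other identifier (`tls_backend`, `set_verify_status`, `OPT_NOT_BUILT_IN`, the backend table) is hypothetical. The table reflects the state described in the mail, with GnuTLS and NSS supported and OpenSSL still pending.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical result codes for this model (not libcurl's CURLcode). */
typedef enum { OPT_OK = 0, OPT_NOT_BUILT_IN = 1 } opt_result;

/* Each TLS backend answers the capability query itself. */
struct tls_backend {
  const char *name;
  bool (*cert_status_request)(void); /* true if OCSP stapling is supported */
};
static bool supported(void) { return true; }
static bool unsupported(void) { return false; }

/* State described in the mail: GnuTLS and NSS patched, OpenSSL pending. */
static const struct tls_backend backends[] = {
  { "gnutls", supported }, { "nss", supported }, { "openssl", unsupported },
};

struct handle {
  const struct tls_backend *backend; /* NULL if the backend is unknown */
  bool verify_status;                /* app asked for a stapled status check */
};

static const struct tls_backend *find_backend(const char *name)
{
  for(size_t i = 0; i < sizeof(backends) / sizeof(backends[0]); i++)
    if(!strcmp(backends[i].name, name))
      return &backends[i];
  return NULL;
}

/* Fail the setter instead of silently ignoring an unsupported request. */
static opt_result set_verify_status(struct handle *h, bool enable)
{
  if(enable && !(h->backend && h->backend->cert_status_request()))
    return OPT_NOT_BUILT_IN;
  h->verify_status = enable;
  return OPT_OK;
}

int main(void)
{
  struct handle h = { find_backend("openssl"), false };
  if(set_verify_status(&h, true) != OPT_OK)
    puts("status request unsupported by this backend; refusing to continue");
  return 0;
}
```

An application that treats the error as fatal never runs a transfer under the assumption that the certificate status was checked when the backend could not check it.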