Do client programs staple a status when sending a cert to the server? It seems
possible, someone just asked me if anyone does it.
___
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
Prior to TLS 1.3, it wasn't possible because the Certificate message didn't
have extensions. Starting TLS 1.3, it looks like we did define
status_request to be allowed in either direction. We (BoringSSL) never
implemented the client certificate direction, since we haven't needed it
yet. We just ign
The same situation with the Windows TLS stack: we're not parsing status_request
carried in the CertificateRequest message. There has not been a business
case/request to support this for client certs.
Cheers,
Andrei
From: TLS On Behalf Of David Benjamin
Sent: Friday, May 20, 2022 10:24 AM
To:
