Prior to TLS 1.3, it wasn't possible because the Certificate message didn't have extensions. Starting TLS 1.3, it looks like we did define status_request to be allowed in either direction. We (BoringSSL) never implemented the client certificate direction, since we haven't needed it yet. We just ignore the extension if we see it in CertificateRequest. At a glance, it looks like OpenSSL does the same. Dunno about other implementations.
On Fri, May 20, 2022 at 1:07 PM Salz, Rich <rsalz= 40akamai....@dmarc.ietf.org> wrote: > Do client programs staple a status when sending a cert to the server? It > seems possible, someone just asked me if anyone does it. > > > _______________________________________________ > TLS mailing list > TLS@ietf.org > https://www.ietf.org/mailman/listinfo/tls >
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
