The same situation with the Windows TLS stack: we're not parsing status_request carried in the CertificateRequest message. There has not been a business case/request to support this for client certs.
Cheers,

Andrei

From: TLS <tls-boun...@ietf.org> On Behalf Of David Benjamin
Sent: Friday, May 20, 2022 10:24 AM
To: Salz, Rich <rsalz=40akamai....@dmarc.ietf.org>
Cc: tls@ietf.org
Subject: [EXTERNAL] Re: [TLS] Client programs and stapling?

Prior to TLS 1.3, it wasn't possible because the Certificate message didn't have extensions. Starting TLS 1.3, it looks like we did define status_request to be allowed in either direction.

We (BoringSSL) never implemented the client certificate direction, since we haven't needed it yet. We just ignore the extension if we see it in CertificateRequest. At a glance, it looks like OpenSSL does the same. Dunno about other implementations.

On Fri, May 20, 2022 at 1:07 PM Salz, Rich <rsalz=40akamai....@dmarc.ietf.org> wrote:

Do client programs staple a status when sending a cert to the server? It seems possible, someone just asked me if anyone does it.

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
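
An added example, not part of the thread and not code from any of the implementations mentioned: a minimal Python parser for a decrypted TLS 1.3 CertificateRequest handshake message that reports whether the server sent status_request, the empty extension RFC 8446 uses to ask for a stapled OCSP response with the client certificate. The function names and the sample bytes are constructed for illustration.

```python
import struct

CERTIFICATE_REQUEST = 13  # HandshakeType certificate_request
STATUS_REQUEST = 5        # ExtensionType status_request

def parse_certificate_request(msg: bytes) -> dict:
    """Parse a plaintext TLS 1.3 CertificateRequest, 4-byte handshake header included."""
    if len(msg) < 4 or msg[0] != CERTIFICATE_REQUEST:
        raise ValueError("not a CertificateRequest handshake message")
    body = msg[4:]
    if int.from_bytes(msg[1:4], "big") != len(body):
        raise ValueError("handshake length does not match body")
    if len(body) < 3:
        raise ValueError("truncated body")
    # opaque certificate_request_context<0..2^8-1>
    pos = 1 + body[0]
    context = body[1:pos]
    if pos + 2 > len(body):
        raise ValueError("truncated extensions length")
    # Extension extensions<2..2^16-1>
    ext_total = int.from_bytes(body[pos:pos + 2], "big")
    pos += 2
    if pos + ext_total != len(body):
        raise ValueError("extensions length does not match body")
    extensions = {}
    while pos < len(body):
        if pos + 4 > len(body):
            raise ValueError("truncated extension header")
        ext_type, ext_len = struct.unpack_from("!HH", body, pos)
        pos += 4
        if pos + ext_len > len(body):
            raise ValueError("truncated extension data")
        if ext_type in extensions:
            raise ValueError("duplicate extension")
        extensions[ext_type] = body[pos:pos + ext_len]
        pos += ext_len
    return {"context": context, "extensions": extensions}

def requests_client_stapling(msg: bytes) -> bool:
    """True if the server asked the client to staple an OCSP response."""
    return STATUS_REQUEST in parse_certificate_request(msg)["extensions"]

def build_sample(with_status_request: bool) -> bytes:
    """Constructed sample: empty context, signature_algorithms, optional status_request."""
    exts = bytes.fromhex("000d000400020804")  # signature_algorithms: rsa_pss_rsae_sha256
    if with_status_request:
        exts += bytes.fromhex("00050000")     # status_request with empty body
    body = b"\x00" + len(exts).to_bytes(2, "big") + exts
    return bytes([CERTIFICATE_REQUEST]) + len(body).to_bytes(3, "big") + body
```

CertificateRequest is encrypted on the wire in TLS 1.3, so the input has to come from the endpoint itself or from a capture decrypted with the session's key log.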