tls13: request OCSP responses as a server

The TLS1.3 protocol requires the server to advertise an empty OCSP status request extension on its certificate verify message for an OCSP response to be sent by the client. We now always send this extension to allow clients attaching those responses. Resolves: #876 Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
author: Nikos Mavrogiannopoulos <nmav@redhat.com> 2020-01-15 11:05:31 +0100
committer: Nikos Mavrogiannopoulos <nmav@redhat.com> 2020-01-20 17:38:12 +0100
commit: f39b85db96c099c5f851f000cb74fb5200e05919 (patch)
tree: 6bbb6ce49e1610435ab20db79ec63b9c3145a299 /NEWS
parent: 6ab20d77120f818522863bd43cab20541e0afa57 (diff)
download: gnutls-f39b85db96c099c5f851f000cb74fb5200e05919.tar.gz
1 files changed, 2 insertions, 1 deletions
diff --git a/NEWS b/NEWS
index 23b4859682..28afa6944b 100644
--- a/NEWS
+++ b/NEWS
@@ -42,7 +42,8 @@ See the end for copying conditions.
    have been marked as insecure otherwise (#877).
 
 ** libgnutls: On client side only send OCSP staples if they have been requested
-   by the server (#876).
+   by the server, and on server side always advertise that we support OCSP stapling
+   (#876).
 
 ** libgnutls: The default-priority-string added to system configuration
    to allow overriding compiled-in default-priority-string.
author	Nikos Mavrogiannopoulos <nmav@redhat.com>	2020-01-15 11:05:31 +0100
committer	Nikos Mavrogiannopoulos <nmav@redhat.com>	2020-01-20 17:38:12 +0100
commit	f39b85db96c099c5f851f000cb74fb5200e05919 (patch)
tree	6bbb6ce49e1610435ab20db79ec63b9c3145a299 /NEWS
parent	6ab20d77120f818522863bd43cab20541e0afa57 (diff)
download	gnutls-f39b85db96c099c5f851f000cb74fb5200e05919.tar.gz