Topic: TLS Extensions trusted_ca_keys and status_request

I saw that wolfSSL embedded SSL doesn't seem to support all TLS extensions as defined in RFC 6066 [1].

From wolfssl/internal.h:

typedef enum {
    SERVER_NAME_INDICATION =  0,
    MAX_FRAGMENT_LENGTH    =  1,
  /*CLIENT_CERTIFICATE_URL =  2,
    TRUSTED_CA_KEYS        =  3,*/
    TRUNCATED_HMAC         =  4,
  /*STATUS_REQUEST         =  5,
    SIGNATURE_ALGORITHMS   = 13,*/
} TLSX_Type;

I saw that you added support for MAX_FRAGMENT_LENGTH and TRUNCATED_HMAC with the release of 2.8.0, which is very nice already.
Unfortunately I have the requirement to use TRUSTED_CA_KEYS as well as STATUS_REQUEST.

Are there plans to implement those TLS extensions in the (near) future?

What I'm wondering is that support for OCSP requests during TLS initialization is already implemented in wolfSSL (at least I thought so): Is this done via a stand-alone OCSP request and not via the TLS extension STATUS_REQUEST?

[1] http://tools.ietf.org/html/rfc6066

Regards,
Daniel


Re: TLS Extensions trusted_ca_keys and status_request

Hi Daniel,

I believe that your question was answered by Moises over email.  Is that correct?

Thanks,
Chris

Re: TLS Extensions trusted_ca_keys and status_request

Hi chrisc,

yes, I now know that adding those TLS extensions is on your roadmap and will be done sooner or later.

Regards
Daniel
