[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: wget2 | information leak with ocsp validation (#664)
|
From: |
@rockdaboot |
|
Subject: |
Re: wget2 | information leak with ocsp validation (#664) |
|
Date: |
Sun, 12 May 2024 17:54:10 +0000 |
Tim Rühsen commented:
https://gitlab.com/gnuwget/wget2/-/issues/664#note_1901830829
That's a great point!
It's many years ago that I wrote that OCSP code but I am pretty sure not have
thought about privacy concerns back then :|
> I think that if the server staples an ocsp response, the first intermediate
> certificate is not validated
Nice catch :)
Btw, do you know whether OCSP multi-stapling is a thing in the real world? Just
looked at my old code and thought about it...
--
Reply to this email directly or view it on GitLab:
https://gitlab.com/gnuwget/wget2/-/issues/664#note_1901830829
You're receiving this email because of your account on gitlab.com.
- wget2 | information leak with ocsp validation (#664), frigo (@freedge1), 2024/05/11
- Re: wget2 | information leak with ocsp validation (#664), frigo (@freedge1), 2024/05/11
- Re: wget2 | information leak with ocsp validation (#664),
@rockdaboot <=
- Re: wget2 | information leak with ocsp validation (#664), @rockdaboot, 2024/05/12
- Re: wget2 | information leak with ocsp validation (#664), frigo (@freedge1), 2024/05/12
- Re: wget2 | information leak with ocsp validation (#664), @rockdaboot, 2024/05/18
- Re: wget2 | information leak with ocsp validation (#664), @rockdaboot, 2024/05/18
- Re: wget2 | information leak with ocsp validation (#664), Romain Geissler (@Romain-Geissler-1A), 2024/05/18
- Re: wget2 | information leak with ocsp validation (#664), @rockdaboot, 2024/05/19
- Re: wget2 | information leak with ocsp validation (#664), Romain Geissler (@Romain-Geissler-1A), 2024/05/19
- Re: wget2 | information leak with ocsp validation (#664), @rockdaboot, 2024/05/20
- Re: wget2 | information leak with ocsp validation (#664), Romain Geissler (@Romain-Geissler-1A), 2024/05/20