Description of problem:
Originally reported at:
... That said I also reproduced the issue; the fault is with the older
version, as it requires a CertificateStatus message if ServerHello
included the (empty) "status_request" extension, although RFC 6066
Note that a server MAY also choose not to send a "CertificateStatus"
message, even if has received a "status_request" extension in the
client hello message and has sent a "status_request" extension in the
server hello message.
So the new gnutls code doesn't do anything wrong by replying with an
empty "status_request" extension, even if there is no chance of sending
a CertificateStatus message, just the old versions can't handle it.
The new version handles this by passing optional = 1 in the call to
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.