Join GitHub today
GitHub is home to over 40 million developers working together to host and review code, manage projects, and build software together.Sign up
crypto/tls: Implement TLS Feature extension #13074
The TLS Feature extension (RFC 7633) allows certificates to specify TLS features that must be used in handshakes that include the certificate. This allows implementation of "OCSP must-staple" which requires an OCSP response to be stapled into the handshake in order for it to be valid.
This would just be a change to client chain/handshake verification, I don't believe that any fields or methods need to be exposed.
For the moment OCSP stapling isn't really supported as a client in Go and the TLS Feature extension doesn't see enough use to be considered for Go. Go generally (and deliberately) trails other implementations in this sort of thing because things like browsers are a better testing ground.
I'm closing this, not because we would never support this, but because the bug tracker is a to-do list and I feel that this entry is currently premature.