Both Linux and Windows perform similar checks.

renewiltord · on Nov 12, 2020

Do you know of a Wireshark filter that will reveal this on Ubuntu? What you're saying doesn't sound credible, but to incentivize, here's the bet:

If you can provide a Wireshark filter that will show a certificate check on a vanilla Ubuntu 20.04 system when the following commands are executed in a bash shell, then I will donate $25 to a charity of your choice. Commands follow:

    cat <<HEREDOC >/tmp/file.c
    #include <stdio.h>

    int main() {
      printf("Hello World");
      return 0;
    }
    HEREDOC
    gcc /tmp/file.c -o /tmp/app
    /tmp/app

loeg · on Nov 12, 2020

I'm sure Linux (the kernel) does not. I don't know of any Linux distro that does, but, I'd be curious if you can point to specifics.

If you could point to any documentation of Windows performing app-start OCSP checks, I'd love to learn more (and recant my earlier statement).

Rebelgecko · on Nov 12, 2020

That's a rather extraordinary claim. It's really setting off my BS meter- Can you show us where the code is to do that in the Linux kernel?

heavyset_go · on Nov 12, 2020

No, Linux does not.

Linux does provide application-level and per-application security, as well as sandboxes, but they exist to help the user and the user has complete control over them and their system.

vcxy · on Nov 12, 2020

I assure you my Linux machines do not.

stevenhuang · on Nov 13, 2020

The comment you are replying to states other OS' do not have this failure mode so your response is quite the non-sequitur, nevermind of questionable veracity (linux).