
Multiple certificates in response

Open dbrgn opened this issue 9 years ago • 2 comments

Does ocspbuilder already support multiple certificates in the response? To quote RFC 6960:

The response MUST include a SingleResponse for each certificate in the request.

dbrgn avatar Apr 11 '16 12:04 dbrgn

No, currently the builder does not support multiple certificates. The ASN.1 definitions from asn1crypto.ocsp do, but the API for this builder would need to be augmented to support multiple certificates in a few places.

wbond avatar Apr 11 '16 14:04 wbond

@dbrgn and @wbond (thanks for the repo :) I added multi cert response support to OCSPBuilder to conform with RFC6060. The code is here: https://github.com/andrea-f/ocspbuilder, and the tests in test_ocsp_response_builder.py are passing. I can't raise a PR but let me know what you think!!

For example, a query consisting of:

$ openssl ocsp -issuer ./ca-cert.pem -cert ./1.pem -cert ./2.pem -cert ./3.pem -no_nonce -url http://localhost -noverify -header "Host" "localhost"

Yields:

./1.pem: good
	This Update: Nov 12 23:17:07 2018 GMT
	Next Update: Nov 19 23:17:07 2018 GMT
./2.pem: good
	This Update: Nov 12 23:17:07 2018 GMT
	Next Update: Nov 19 23:17:07 2018 GMT
./3.pem: good
	This Update: Nov 12 23:17:07 2018 GMT
	Next Update: Nov 19 23:17:07 2018 GMT

andrea-f avatar Nov 13 '18 00:11 andrea-f
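
A client-side check for the RFC 6960 requirement quoted at the top of the thread, as an added example that is not part of the thread or of ocspbuilder: it parses `openssl ocsp` text output in the format shown above and reports every requested certificate that has no usable status. The function names are hypothetical, the second sample is constructed, and the wording of its `ERROR: No Status found.` line is an assumption about what openssl prints when an entry is missing.

```python
import re
from datetime import datetime, timezone

STAMPS = "\tThis Update: Nov 12 23:17:07 2018 GMT\n\tNext Update: Nov 19 23:17:07 2018 GMT\n"
# Output quoted in the thread: all three requested certificates are answered.
THREAD_OUTPUT = "".join(f"./{i}.pem: good\n{STAMPS}" for i in (1, 2, 3))
# Constructed sample: one entry missing, one revoked.
PARTIAL_OUTPUT = (
    f"./1.pem: good\n{STAMPS}"
    "./2.pem: ERROR: No Status found.\n"
    f"./3.pem: revoked\n{STAMPS}\tRevocation Time: Nov 10 09:00:00 2018 GMT\n"
)

STATUS_LINE = re.compile(r"^(?P<name>\S.*?): (?P<status>good|revoked|unknown)\s*$")
FIELD_LINE = re.compile(r"^\s+(?P<key>This Update|Next Update): (?P<value>.+)$")

def parse_statuses(text):
    """Map certificate name -> {'status': ..., 'This Update': dt, 'Next Update': dt}."""
    results, current = {}, None
    for line in text.splitlines():
        m = STATUS_LINE.match(line)
        if m:
            current = results.setdefault(m["name"], {"status": m["status"]})
        elif not line[:1].isspace():
            current = None  # unindented non-status line (e.g. an error): no entry
        else:
            f = FIELD_LINE.match(line)
            if f and current is not None:
                stamp = datetime.strptime(f["value"].strip(), "%b %d %H:%M:%S %Y GMT")
                current[f["key"]] = stamp.replace(tzinfo=timezone.utc)
    return results

def check_coverage(requested, text, now):
    """Return {name: problem} for each requested certificate without a usable answer."""
    statuses = parse_statuses(text)
    problems = {}
    for name in requested:
        entry = statuses.get(name)
        if entry is None:
            problems[name] = "no SingleResponse"   # responder skipped this certificate
        elif entry["status"] != "good":
            problems[name] = entry["status"]       # revoked or unknown
        elif "Next Update" in entry and entry["Next Update"] < now:
            problems[name] = "stale"               # answer is past its nextUpdate
    return problems

if __name__ == "__main__":
    certs = ["./1.pem", "./2.pem", "./3.pem"]
    print(check_coverage(certs, PARTIAL_OUTPUT, datetime(2018, 11, 13, tzinfo=timezone.utc)))
```

Treating a missing entry as a failure rather than as "good" is the point of the check: a responder that answers only the first certificate would otherwise leave the remaining ones unverified.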