OCSP stapling support
This is an initial implementation of OCSP stapling support, intended to work with MongoDB.
So far I tested it on login.live.com using the following script:
```ruby
require 'socket'
require 'openssl'

OpenSSL.debug = true

host = 'login.live.com:443'
s = TCPSocket.open(*host.split(':'))

context = OpenSSL::SSL::SSLContext.new
# status_cb is the callback this PR adds. It is called with the SSLSocket and
# the OCSP response the server stapled; following SSL_CTX_set_tlsext_status_cb
# semantics, a true return accepts the response and the handshake continues.
context.status_cb = lambda do |socket, resp|
  # require 'byebug'; byebug   # uncomment to inspect resp interactively
  true
end

ss = OpenSSL::SSL::SSLSocket.new(s, context)
ss.sync_close = true
ss.hostname = host.split(':').first # SNI, so the server picks the right cert
ss.status_type = 1                  # TLSEXT_STATUSTYPE_ocsp: request a stapled OCSP response
puts 'conn'
ss.connect
p ss.peer_cert
ss.close
```
What kind of test coverage and other changes are needed to get this merged?
Resources used to implement:
- https://www.openssl.org/docs/man1.1.0/man3/SSL_set_tlsext_status_type.html
- https://stackoverflow.com/questions/9607516/openssl-certificate-revocation-check-in-client-program-using-ocsp-stapling
- https://unmitigatedrisk.com/?p=100
I requested improved diagnostics from openssl in https://github.com/openssl/openssl/issues/12735.
Fixes https://github.com/ruby/openssl/issues/295.
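The test script above returns `true` from `status_cb` without looking at the response, so it accepts whatever the server staples. The following is an added example, not code from this PR or from ruby/openssl, of the checks a client callback would have to run on a stapled response using the `OpenSSL::OCSP` API that already ships with the gem: response status, signature and signer chain against the trust store, that the response is actually about the peer certificate, freshness, and only then the certificate status. It assumes the callback hands over the response as DER bytes (the PR does not say in which form `resp` arrives); `check_stapled_ocsp`, `make_cert`, `make_staple`, the `Test CA`/`Rogue CA` certificates and the `login.example` leaf are all constructed for this example and signed with freshly generated throwaway keys.

```ruby
require "openssl"

# Checks a client should run on a stapled OCSP response before letting the
# handshake continue. `der` is the DER-encoded OCSP response (assumed form of
# what status_cb receives), `leaf` the peer certificate, `issuer` its CA,
# `store` the trust store. `digest` must match the hash the responder used in
# its CertID (SHA256 in this constructed example; many responders still use SHA1).
def check_stapled_ocsp(der, leaf, issuer, store, digest: "SHA256", max_age: 7 * 24 * 3600)
  resp = OpenSSL::OCSP::Response.new(der)
  return :responder_error unless resp.status == OpenSSL::OCSP::RESPONSE_STATUS_SUCCESSFUL

  bres = resp.basic
  return :malformed unless bres

  # Signature and signer chain. OpenSSL additionally requires the signer to be
  # the issuing CA itself or a responder that CA delegated to.
  return :bad_signature unless bres.verify([issuer], store)

  cid = OpenSSL::OCSP::CertificateId.new(leaf, issuer, OpenSSL::Digest.new(digest))
  single = bres.find_response(cid)
  return :no_match unless single # a valid response, but about some other certificate

  # thisUpdate not more than 300 s in the future, nextUpdate not yet passed;
  # without a nextUpdate, thisUpdate must be younger than max_age.
  return :stale unless single.check_validity(300, max_age)

  case single.cert_status
  when OpenSSL::OCSP::V_CERTSTATUS_GOOD    then :good
  when OpenSSL::OCSP::V_CERTSTATUS_REVOKED then :revoked
  else :unknown
  end
end

# --- constructed throwaway PKI so the example runs offline (not real certs) ---
def make_cert(cn, key, serial, issuer: nil, issuer_key: key, ca: false)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = serial
  cert.subject = OpenSSL::X509::Name.new([["CN", cn]])
  cert.issuer = issuer ? issuer.subject : cert.subject
  cert.public_key = key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new(issuer || cert, cert)
  cert.add_extension(ef.create_extension("basicConstraints", ca ? "CA:TRUE" : "CA:FALSE", true))
  cert.add_extension(ef.create_extension("keyUsage", ca ? "keyCertSign,cRLSign,digitalSignature" : "digitalSignature", true))
  cert.sign(issuer_key, "SHA256")
  cert
end

# DER an OCSP responder would return for `leaf`; time arguments are offsets in seconds from now.
def make_staple(leaf, issuer, signer, signer_key, status, this_update: -60, next_update: 3600)
  cid = OpenSSL::OCSP::CertificateId.new(leaf, issuer, OpenSSL::Digest.new("SHA256"))
  bres = OpenSSL::OCSP::BasicResponse.new
  revoked = status == OpenSSL::OCSP::V_CERTSTATUS_REVOKED
  reason = revoked ? OpenSSL::OCSP::REVOKED_STATUS_KEYCOMPROMISE : 0
  bres.add_status(cid, status, reason, revoked ? -600 : nil, this_update, next_update, nil)
  bres.sign(signer, signer_key, nil, 0, "SHA256")
  OpenSSL::OCSP::Response.create(OpenSSL::OCSP::RESPONSE_STATUS_SUCCESSFUL, bres).to_der
end

CA_KEY     = OpenSSL::PKey::RSA.new(2048)
CA_CERT    = make_cert("Test CA", CA_KEY, 1, ca: true)
LEAF_KEY   = OpenSSL::PKey::RSA.new(2048)
LEAF_CERT  = make_cert("login.example", LEAF_KEY, 2, issuer: CA_CERT, issuer_key: CA_KEY)
OTHER_CERT = make_cert("other.example", LEAF_KEY, 3, issuer: CA_CERT, issuer_key: CA_KEY)
ROGUE_KEY  = OpenSSL::PKey::RSA.new(2048)
ROGUE_CERT = make_cert("Rogue CA", ROGUE_KEY, 1, ca: true) # self-signed, not in the store
STORE = OpenSSL::X509::Store.new.tap { |s| s.add_cert(CA_CERT) }

# One staple per failure mode a callback must distinguish.
def scenarios
  good    = make_staple(LEAF_CERT,  CA_CERT, CA_CERT,    CA_KEY,    OpenSSL::OCSP::V_CERTSTATUS_GOOD)
  revoked = make_staple(LEAF_CERT,  CA_CERT, CA_CERT,    CA_KEY,    OpenSSL::OCSP::V_CERTSTATUS_REVOKED)
  stale   = make_staple(LEAF_CERT,  CA_CERT, CA_CERT,    CA_KEY,    OpenSSL::OCSP::V_CERTSTATUS_GOOD,
                        this_update: -7200, next_update: -3600)
  wrong   = make_staple(OTHER_CERT, CA_CERT, CA_CERT,    CA_KEY,    OpenSSL::OCSP::V_CERTSTATUS_GOOD)
  forged  = make_staple(LEAF_CERT,  CA_CERT, ROGUE_CERT, ROGUE_KEY, OpenSSL::OCSP::V_CERTSTATUS_GOOD)
  {
    good:    check_stapled_ocsp(good,    LEAF_CERT, CA_CERT, STORE),
    revoked: check_stapled_ocsp(revoked, LEAF_CERT, CA_CERT, STORE),
    stale:   check_stapled_ocsp(stale,   LEAF_CERT, CA_CERT, STORE),
    wrong:   check_stapled_ocsp(wrong,   LEAF_CERT, CA_CERT, STORE),
    forged:  check_stapled_ocsp(forged,  LEAF_CERT, CA_CERT, STORE),
  }
end

p scenarios if __FILE__ == $PROGRAM_NAME
```

Only `:good` should let the handshake continue; in a real callback `:stale`, `:no_match` and `:unknown` are the cases where a client typically falls back to a direct OCSP query or to its soft-fail policy, while `:revoked` and `:bad_signature` should abort. Note that a server that simply omits the staple never triggers the callback at all, so the absence of a response has to be handled separately from a bad one.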