luaossl

Support OCSP

Open daurnimator opened this issue 9 years ago • 0 comments

  • [x] Way to read OCSP url from cert (related to #12)

To implement an OCSP validating client:

  • [x] Way to call SSL_set_tlsext_status_type(mySSL, TLSEXT_STATUSTYPE_ocsp) on an SSL object before handshake is started
  • [x] Binding to SSL_get_tlsext_status_ocsp_resp

To implement OCSP stapling on a server:

  • [ ] Binding to SSL_CTX_set_tlsext_status_cb
  • [x] Binding to SSL_set_tlsext_status_ocsp_resp

To implement an OCSP responder:

Functions for OCSP responders. OCSP_request_onereq_count(), OCSP_request_onereq_get0(), OCSP_onereq_get0_id() and OCSP_id_get0_info() extract information from a certificate request. OCSP_response_create() creates a response and optionally adds a basic response structure. OCSP_basic_add1_status() adds a complete single response to a basic response and returns the OCSP_SINGLERESP structure just added (to allow extensions to be included for example). OCSP_basic_add1_cert() adds a certificate to a basic response and OCSP_basic_sign() signs a basic response with various flags.

Docs

  • https://www.openssl.org/docs/manmaster/man3/SSL_set_tlsext_status_type.html

daurnimator, Jan 03 '16 12:01