[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[libmicrohttpd] Adding code for OCSP stapling
|
From: |
Tim Rühsen |
|
Subject: |
[libmicrohttpd] Adding code for OCSP stapling |
|
Date: |
Tue, 16 Jul 2019 15:23:47 +0200 |
|
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.8.0 |
Hi,
for the GNU Wget2 GSOC project we needed the ability to test OCSP
stapling. I created an MR at Gitlab:
https://gitlab.com/libmicrohttpd/libmicrohttpd/merge_requests/1.
Writing a test for this is a bit more work. It includes a valid CA
cert+key, a derived server cert. Additionally you need an OCSP responder
working with these certs and a client generate a OCSP request and the
ability to save the OCSP response. This response in turn is then used by
the test (MHD server side sends it to the client).
GnuTLS has currently no API or tool to work as OCSP responder, so we
have to fallback to 'openssl ocsp' tool for this part.
I suggest our student Kumar first writes a shell script to generate all
the needed files. With that we'll generate and add the DER/PEM blobs
plus the test to a second commit.
Meanwhile you could comment on the MR above.
Regards, Tim
signature.asc
Description: OpenPGP digital signature
- [libmicrohttpd] Adding code for OCSP stapling,
Tim Rühsen <=