[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [libmicrohttpd] Adding code for OCSP stapling
|
From: |
Christian Grothoff |
|
Subject: |
Re: [libmicrohttpd] Adding code for OCSP stapling |
|
Date: |
Tue, 16 Jul 2019 18:06:20 +0200 |
|
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.7.2 |
Hi Tim,
The patch looks fine to me, just two things are missing:
1) Updated ChangeLog
2) Updated texinfo manual documenting the new option.
When you merge this into master, please also bump the MHD_VERSION in
microhttpd.h.
happy hacking!
Christian
On 7/16/19 3:23 PM, Tim Rühsen wrote:
> Hi,
>
> for the GNU Wget2 GSOC project we needed the ability to test OCSP
> stapling. I created an MR at Gitlab:
> https://gitlab.com/libmicrohttpd/libmicrohttpd/merge_requests/1.
>
> Writing a test for this is a bit more work. It includes a valid CA
> cert+key, a derived server cert. Additionally you need an OCSP responder
> working with these certs and a client generate a OCSP request and the
> ability to save the OCSP response. This response in turn is then used by
> the test (MHD server side sends it to the client).
>
> GnuTLS has currently no API or tool to work as OCSP responder, so we
> have to fallback to 'openssl ocsp' tool for this part.
>
> I suggest our student Kumar first writes a shell script to generate all
> the needed files. With that we'll generate and add the DER/PEM blobs
> plus the test to a second commit.
>
> Meanwhile you could comment on the MR above.
>
> Regards, Tim
>
signature.asc
Description: OpenPGP digital signature