libmicrohttpd

Re: [libmicrohttpd] Adding code for OCSP stapling


From: Tim Rühsen
Subject: Re: [libmicrohttpd] Adding code for OCSP stapling
Date: Tue, 16 Jul 2019 20:08:56 +0200
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.8.0

Hi Christian,

thanks for looking into it.

The requested changes have been made - I am not sure if they exactly
fit, so please have another look.

In libmicrohttpd.texi there is a section 'microhttpd-util' with an item
'MHD_FEATURE_HTTPS_CERT_CALLBACK'. Should we have a
'MHD_FEATURE_HTTPS_CERT_CALLBACK2' as well !?

Regards, Tim

On 16.07.19 18:06, Christian Grothoff wrote:
> Hi Tim,
> 
> The patch looks fine to me, just two things are missing:
> 1) Updated ChangeLog
> 2) Updated texinfo manual documenting the new option.
> 
> When you merge this into master, please also bump the MHD_VERSION in
> microhttpd.h.
> 
> happy hacking!
> 
> Christian
> 
> 
> On 7/16/19 3:23 PM, Tim Rühsen wrote:
>> Hi,
>>
>> for the GNU Wget2 GSOC project we needed the ability to test OCSP
>> stapling. I created an MR at Gitlab:
>> https://gitlab.com/libmicrohttpd/libmicrohttpd/merge_requests/1.
>>
>> Writing a test for this is a bit more work. It includes a valid CA
>> cert+key, a derived server cert. Additionally you need an OCSP responder
>> working with these certs and a client to generate an OCSP request and the
>> ability to save the OCSP response. This response in turn is then used by
>> the test (MHD server side sends it to the client).
>>
>> GnuTLS has currently no API or tool to work as OCSP responder, so we
>> have to fall back to 'openssl ocsp' tool for this part.
>>
>> I suggest our student Kumar first writes a shell script to generate all
>> the needed files. With that we'll generate and add the DER/PEM blobs
>> plus the test to a second commit.
>>
>> Meanwhile you could comment on the MR above.
>>
>> Regards, Tim
>>
> 

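The fixture steps described in the quoted message (CA cert and key, a derived server cert, an OCSP request, and a saved response produced with 'openssl ocsp'), as an added example that is not part of this thread or of the libmicrohttpd or Wget2 code. File names, subjects and the serial 0x1001 are constructed for the sketch, and it assumes 'openssl ocsp' is used in file mode (-reqin/-respout) rather than as a listening responder.

```shell
#!/bin/sh
# Added example: throwaway OCSP stapling test fixtures built with the openssl CLI.
# File names, subjects and the serial are constructed; keys are unencrypted test keys.
make_ocsp_fixture() (
    dir=$1
    mkdir -p "$dir" && cd "$dir" || return 1

    # 1. Self-signed test CA and its key.
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=Test OCSP CA" -keyout ca.key -out ca.pem 2>/dev/null || return 1

    # 2. Server key and a certificate derived from the CA, fixed serial 0x1001.
    openssl req -newkey rsa:2048 -nodes -subj "/CN=localhost" \
        -keyout server.key -out server.csr 2>/dev/null || return 1
    openssl x509 -req -in server.csr -CA ca.pem -CAkey ca.key \
        -set_serial 0x1001 -days 30 -out server.pem 2>/dev/null || return 1

    # 3. Responder database in 'openssl ca' index format, tab separated:
    #    status, expiry, revocation date (empty), serial, file name, subject.
    printf 'V\t391231235959Z\t\t1001\tunknown\t/CN=localhost\n' > index.txt

    # 4. Client side: DER-encoded OCSP request for the server certificate.
    openssl ocsp -issuer ca.pem -cert server.pem -no_nonce \
        -reqout req.der || return 1

    # 5. Responder side: sign a response with the CA key and save it.
    openssl ocsp -index index.txt -CA ca.pem -rsigner ca.pem -rkey ca.key \
        -reqin req.der -respout resp.der -ndays 7 >/dev/null 2>&1 || return 1

    # 6. Check the saved response: signature verifies against the CA and the
    #    certificate status is reported; both lines are printed for the caller.
    openssl ocsp -respin resp.der -issuer ca.pem -cert server.pem \
        -CAfile ca.pem -no_nonce 2>&1
)
```

The saved resp.der is the blob a test server would send to the client as the stapled response; changing the index entry's status field from V to R (with a revocation date) yields a revoked fixture for the negative case.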