Add support for OCSP Stapling to OpenSSL I/O Handler #19

Open
rlebeau opened this issue Aug 2, 2018 · 0 comments
Labels
Element: SSL/TLS Issues related to SSL/TLS handling, TIdSSLIOHandlerSocketBase and descendants Status: Deferred Issue to be re-reviewed in a future release Type: Enhancement Issue is proposing a new feature/enhancement

Comments

Member

rlebeau commented Aug 2, 2018

See https://www.openssl.org/docs/man1.0.2/ssl/SSL_CTX_set_tlsext_status_cb.html

In a nutshell:

  • On the client side, prior to starting a SSL/TLS handshake, call SSL_CTX_set_tlsext_status_cb() to enable a status callback function, and SSL_set_tlsext_status_type(TLSEXT_STATUSTYPE_ocsp) to request OCSP from the server. The callback function can then use SSL_get_tlsext_status_ocsp_resp() and d2i_OCSP_RESPONSE() to access the server's OCSP response data.

  • On the server side, call SSL_CTX_set_tlsext_status_cb() to enable a status callback function. The callback function can then use SSL_get_certificate() to access the certificate that is being sent to the client, obtain the desired OCSP response to be sent back as needed, and finally use SSL_set_tlsext_status_ocsp_resp() to include that response data with the certificate.

@rlebeau rlebeau added Type: Enhancement Issue is proposing a new feature/enhancement Element: SSL/TLS Issues related to SSL/TLS handling, TIdSSLIOHandlerSocketBase and descendants labels Aug 2, 2018
@rlebeau rlebeau added the Status: Deferred Issue to be re-reviewed in a future release label Apr 26, 2023
@rlebeau rlebeau transferred this issue from IndySockets/Indy Dec 12, 2024