pyca / cryptography

cryptography is a package designed to expose cryptographic primitives and recipes to Python developers.
https://cryptography.io

Update openssl bindings to allow server side OCSP stapling #1864

Closed adiroiban closed 9 years ago

adiroiban commented 9 years ago

This is the server side for #1863

I could not find public docs.

I found code in the OpenSSL sample server:

https://github.com/openssl/openssl/blob/master/apps/s_server.c#L2131

```c
SSL_CTX_set_tlsext_status_cb(ctx, cert_status_cb);

/* callback signature */
static int cert_status_cb(SSL *s, void *arg);

/* Set response in callback based on OCSP response */
rspderlen = i2d_OCSP_RESPONSE(resp, &rspder);
SSL_set_tlsext_status_ocsp_resp(s, rspder, rspderlen);
```

alex commented 9 years ago

Missing things:

adiroiban commented 9 years ago

Do we need i2d_OCSP_RESPONSE? As a start, maybe we can use the asn1 Python module to serialize the response.

alex commented 9 years ago

This didn't end up including i2d_OCSP_RESPONSE but I'm still leaving this closed. Feel free to open a new issue if you think we should add it.