cURL / Mailing Lists / curl-library / Single Mail


Re: [WIP/RFC] Certificate Status Request (aka OCSP stapling)

From: Alessandro Ghedini <>
Date: Wed, 25 Jun 2014 11:47:39 +0200

On mar, giu 24, 2014 at 06:11:22 -0700, Von Hawkins wrote:
> Sorry about the top posting. I can't figure out how to do inline on this
> phone.
> What is your environment. If windows I have the NSS libs. I
> can send some basic instructions for creating a usable db.

In the end I was able to create a db myself, and surprisingly enough, the NSS
OCSP stapling support seems to actually work.

> OpenSSL problem looks a lot like a trust chain problem. Do you access to the
> certain in the chain?

Well, that's the thing... I have no idea. OCSP_basic_verify() needs a X509_STORE
which I get by calling SSL_CTX_get_cert_store(), and a STACK_OF(X509) which I
get using SSL_CTX_get_extra_chain_certs(), but I don't know if that's correct.


List admin:

Received on 2014-06-25