curl-library

Re: [WIP/RFC] Certificate Status Request (aka OCSP stapling)

From: Alessandro Ghedini <alessandro_at_ghedini.me>
Date: Wed, 25 Jun 2014 11:47:39 +0200

On Tue, Jun 24, 2014 at 06:11:22 -0700, Von Hawkins wrote:
> Sorry about the top posting. I can't figure out how to do inline on this
> phone.
>
> What is your environment? If Windows, I have the NSS libs. I
> can send some basic instructions for creating a usable db.

In the end I was able to create a db myself, and surprisingly enough, the NSS
OCSP stapling support seems to actually work.

> OpenSSL problem looks a lot like a trust chain problem. Do you have access to the
> certs in the chain?

Well, that's the thing... I have no idea. OCSP_basic_verify() needs an X509_STORE
which I get by calling SSL_CTX_get_cert_store(), and a STACK_OF(X509) which I
get using SSL_CTX_get_extra_chain_certs(), but I don't know if that's correct.

Cheers


Received on 2014-06-25