Re: curl w/OpenSSL - OCSP_CERTID hash choice

From: Daniel Stenberg via curl-library <curl-library_at_cool.haxx.se>
Date: Mon, 17 May 2021 17:50:58 +0200 (CEST)

On Sun, 16 May 2021, igorr+curl--- via curl-library wrote:

> Am I missing something here?
>
> If not, imvho, the "fix" in this particular case is somewhat involved -- for
> every OCSP_CERTID (#1) available in the stapled response, curl should
> construct its own OCSP_CERTID (#2) corresponding to the peer certificate
> based on the hash of #1 and use OCSP_resp_find_status() to locate the
> OCSP_CERTID in the response. And only after trying all of OCSP_CERTIDs in
> this fashion unsuccessfully should one reply with:

I'm not really updated with how OCSP stapling should be implemented so I'll
just take your word for it that this is a sound way to do it.

-- 
  / daniel.haxx.se
  | Commercial curl support up to 24x7 is available!
  | Private help, bug fixes, support, ports, new features
  | https://www.wolfssl.com/contact/
Received on 2021-05-17
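
The lookup procedure proposed in the quoted message, modelled in plain Python as an added example (not code from curl, OpenSSL or either poster). `cert_to_id` and `resp_find_status` are hypothetical stand-ins for OpenSSL's OCSP_cert_to_id() and OCSP_resp_find_status(); the issuer bytes, serial numbers, statuses and digest allowlist are constructed assumptions.

```python
import hashlib
from typing import NamedTuple, Optional

class CertID(NamedTuple):
    """Model of the RFC 6960 CertID fields (OpenSSL's OCSP_CERTID)."""
    hash_alg: str
    issuer_name_hash: bytes
    issuer_key_hash: bytes
    serial: int

# Assumption for this example: digests the client is willing to compute.
ALLOWED_DIGESTS = {"sha1", "sha256", "sha384", "sha512"}

def cert_to_id(hash_alg, issuer_name, issuer_key, serial) -> CertID:
    """Stand-in for OCSP_cert_to_id(): hash the issuer name and key."""
    h = lambda data: hashlib.new(hash_alg, data).digest()
    return CertID(hash_alg, h(issuer_name), h(issuer_key), serial)

def resp_find_status(responses, wanted: CertID) -> Optional[str]:
    """Stand-in for OCSP_resp_find_status(): exact match on all four fields."""
    return next((status for cid, status in responses if cid == wanted), None)

def find_fixed_hash(responses, issuer_name, issuer_key, serial):
    """One lookup with a client-chosen digest (SHA-1, which OCSP_cert_to_id()
    uses when given a NULL digest)."""
    return resp_find_status(responses, cert_to_id("sha1", issuer_name, issuer_key, serial))

def find_per_response_hash(responses, issuer_name, issuer_key, serial):
    """For each CertID in the response (#1), rebuild the peer's CertID (#2)
    with #1's digest and look it up; give up only after trying them all."""
    for cid, _ in responses:
        if cid.hash_alg not in ALLOWED_DIGESTS:
            continue
        ours = cert_to_id(cid.hash_alg, issuer_name, issuer_key, serial)
        status = resp_find_status(responses, ours)
        if status is not None:
            return status
    return None

# Constructed sample data: a responder that hashes with SHA-256.
ISSUER_NAME, ISSUER_KEY = b"constructed issuer DN", b"constructed issuer key"
PEER_SERIAL, OTHER_SERIAL = 0x1001, 0x2002
STAPLED = [
    (cert_to_id("sha256", ISSUER_NAME, ISSUER_KEY, OTHER_SERIAL), "revoked"),
    (cert_to_id("sha256", ISSUER_NAME, ISSUER_KEY, PEER_SERIAL), "good"),
]

if __name__ == "__main__":
    print(find_fixed_hash(STAPLED, ISSUER_NAME, ISSUER_KEY, PEER_SERIAL))
    print(find_per_response_hash(STAPLED, ISSUER_NAME, ISSUER_KEY, PEER_SERIAL))
```

Because the rebuilt CertID still carries the peer certificate's own serial and issuer hashes, another certificate's entry in the same stapled response never matches.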