Buy commercial curl support from WolfSSL. We help you work
out your issues, debug your libcurl applications, use the API, port to new
platforms, add new features and more. With a team lead by the curl founder
himself.
Re: curl w/OpenSSL - OCSP_CERTID hash choice
- Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]
From: Daniel Stenberg via curl-library <curl-library_at_cool.haxx.se>
Date: Mon, 17 May 2021 17:50:58 +0200 (CEST)
On Sun, 16 May 2021, igorr+curl--- via curl-library wrote:
> Am I missing something here?
>
> If not, imvho, the "fix" in this particular case is somewhat involved -- for
> every OCSP_CERTID (#1) available in the stapled response, curl should
> construct its own OCSP_CERTID (#2) corresponding to the peer certificate
> based on the hash of #1 and use OCSP_resp_find_status() to locate the
> OCSP_CERTID in the response. And only after trying all of OCSP_CERTIDs in
> this fashion unsuccessfully should one reply with:
I'm not really updated with how OCSP stapling should be implemented so I'll
just take your word for that this is a sound way to do it.
Date: Mon, 17 May 2021 17:50:58 +0200 (CEST)
On Sun, 16 May 2021, igorr+curl--- via curl-library wrote:
> Am I missing something here?
>
> If not, imvho, the "fix" in this particular case is somewhat involved -- for
> every OCSP_CERTID (#1) available in the stapled response, curl should
> construct its own OCSP_CERTID (#2) corresponding to the peer certificate
> based on the hash of #1 and use OCSP_resp_find_status() to locate the
> OCSP_CERTID in the response. And only after trying all of OCSP_CERTIDs in
> this fashion unsuccessfully should one reply with:
I'm not really updated with how OCSP stapling should be implemented so I'll
just take your word for that this is a sound way to do it.
-- / daniel.haxx.se | Commercial curl support up to 24x7 is available! | Private help, bug fixes, support, ports, new features | https://www.wolfssl.com/contact/ ------------------------------------------------------------------- Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library Etiquette: https://curl.se/mail/etiquette.htmlReceived on 2021-05-17