On 03/01/2016 02:19 PM, Martin Thomson wrote:
AIUI, support for stapling in NSS is pretty primitive. You are expected to make the OCSP query yourself and use the API to configure the server.
IIRC the API to fetch the OCSP response is mostly application code. NSS has a simple http request function that can fetch the request if the application doesn't supply one (which doesn't know about proxies, etc.). You could override the http fetch function, then validate your cert change and squirrel away the OCSP response before you pass it off to NSS. That's probably the simplest way of getting it.
I think you just need the blob, not the parsed blob.
bob
On Mar 2, 2016 7:42 AM, "Rob Crittenden" <[email protected]> wrote:
I don't see a way to implement OCSP stapling on the server side. SSL_SetStapledOCSPResponses() is I think what one would use to set the response in the SSL session but I don't see a way to get the response from the OCSP handler. At least, I don't see a way without implementing my own status checker and overriding statusConfig->statusChecker ala CERT_EnableOCSPChecking().
Am I missing something?
thanks
rob
--
dev-tech-crypto mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-tech-crypto

