serf-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Lieven Govaerts <>
Subject Re: Merge the ocsp-verification branch to trunk?
Date Fri, 20 Jan 2017 12:38:28 GMT
On Sat, Jan 14, 2017 at 5:39 PM, Branko ─îibej <> wrote:
> I think the ocsp-verification branch is ready to be merged to trunk.
> Here's the branch doc:
> I've succesfully integrated the OCSP request creation and response
> verification into a fairly complex but, sadly, closed-source application
> and tested it against OpenSSL's OCSP responder implementation.
> Everything seems OK.
> Unfortunately, I'm not sure how to add unit tests for the actual request
> creation and response parsing; any suggestions towards that would be
> appreciated.

I've started working on integrating "OCSP Stapling" in the mock HTTPS
server in the test framework, but I didn't get very far yet.

You can check current status in the test:
test_ssl_ocsp_response_error_and_override :

Basically you enable OCSP stapling support on the server with:

    ConfigServerWithID("server", WithOCSPEnabled)
That configures the ocspStatusCallback function to be used in the https server .

And then start the OCSP responder with:

You can then initiate the OCSP responder to respond in certain ways to
incoming requests:

That's more or less where I got. To complete it, basically an OCSP
request/response server needs to be implemented. Relevant functions

I seem to remember that I used the OpenSSL OCSP test responder as
example, but as you can see I didn't complete it.

> However, I don't think the lack of tests should block the
> merge to trunk; tests can always be written later, and in the meantime
> you can take my word for it that it works. :)

He, luckily we know you :) .


> -- Brane

View raw message