Add libtls functionality for OCSP, and OCSP stapling support - take 2

2016-08-22 Thread Bob Beck
On Tue, Jul 05, 2016 at 09:11:37PM -0600, Bob Beck wrote: > Ok, so this work was done by Marko Kreen, all as the result of a very long > discussion in: > > https://github.com/libressl-portable/openbsd/pull/47 > > In a nutshell, I threw down a glove that libtls could have functions to > support

Re: Add libtls functionality for OCSP, and OCSP stapling support

2016-07-11 Thread Marko Kreen
On Fri, Jul 08, 2016 at 07:20:32PM -0600, Bob Beck wrote: > One thing I am considering here (and for y'all to know, this is a > major API addition and won't > go in until after the soon upcoming openbsd release cycle happens) is > that the way > we have done this in the past with libtls is to

Re: Add libtls functionality for OCSP, and OCSP stapling support

2016-07-08 Thread Bob Beck
One thing I am considering here (and for y'all to know, this is a major API addition and won't go in until after the soon upcoming openbsd release cycle happens) is that the way we have done this in the past with libtls is to just - do the thing in the handshake and keep the data hidden in the

Re: Add libtls functionality for OCSP, and OCSP stapling support

2016-07-08 Thread Marko Kreen
On Wed, Jul 06, 2016 at 08:30:23PM +0900, kinichiro inoguchi wrote: > Hi, I have 2 questions about this implementation. > > 1) Can the OCSP client put multiple certificates to check in the request? > like this. > > $ openssl

Re: Add libtls functionality for OCSP, and OCSP stapling support

2016-07-06 Thread kinichiro inoguchi
Hi, I have 2 questions about this implementation. 1) Can the OCSP client put multiple certificates to check in the request? like this. $ openssl ocsp -reqin ocsp_req.der -req_text OCSP Request Data: Version: 1 (0x0)

Add libtls functionality for OCSP, and OCSP stapling support

2016-07-05 Thread Bob Beck
Ok, so this work was done by Marko Kreen, all as the result of a very long discussion in: https://github.com/libressl-portable/openbsd/pull/47 In a nutshell, I threw down a glove that libtls could have functions to support OCSP, and make it where a client could write ocsp stuff, but I would