On 20.01.2017 13:38, Lieven Govaerts wrote:
> On Sat, Jan 14, 2017 at 5:39 PM, Branko Čibej <br...@apache.org> wrote:
>> I think the ocsp-verification branch is ready to be merged to trunk.
>> Here's the branch doc:
>>
>> https://svn.apache.org/repos/asf/serf/branches/ocsp-verification/BRANCH-README
>>
>> I've successfully integrated the OCSP request creation and response
>> verification into a fairly complex but, sadly, closed-source application
>> and tested it against OpenSSL's OCSP responder implementation.
>> Everything seems OK.
>>
>> Unfortunately, I'm not sure how to add unit tests for the actual request
>> creation and response parsing; any suggestions towards that would be
>> appreciated.
>
> I've started working on integrating "OCSP Stapling" in the mock HTTPS
> server in the test framework, but I didn't get very far yet.
>
> You can check current status in the test:
>     test_ssl_ocsp_response_error_and_override
>
> Basically you enable OCSP stapling support on the server with:
>
>     ConfigServerWithID("server", WithOCSPEnabled)
>
> That configures the ocspStatusCallback function to be used in the https
> server.
>
> And then start the OCSP responder with:
>     SetupOCSPResponder(WithPort(12345))
>
> You can then initiate the OCSP responder to respond in certain ways to
> incoming requests:
>     OCSPRequest(MatchAny)
>     Respond(WithOCSPResponseStatus(mhOCSPRespnseStatusInternalError))
>
> That's more or less where I got. To complete it, basically an OCSP
> request/response server needs to be implemented. Relevant functions
> are:
>     ocspStatusCallback
>     ocspCreateResponse
>
> I seem to remember that I used the OpenSSL OCSP test responder as
> example, but as you can see I didn't complete it.

Thanks, this is very useful.

>> However, I don't think the lack of tests should block the
>> merge to trunk; tests can always be written later, and in the meantime
>> you can take my word for it that it works. :)
> He, luckily we know you :) .

You hope. :)

-- Brane