Re: [go-nuts] Is OCSP Stapling supported in Go? If so, how?

2022-12-19 Thread 'Sean Liao' via golang-nuts 
The standard library itself doesn't do it, but it does provide you with
hooks to do so.
Set crypto/tls.Config.GetCertificate to an appropriate implementation of
OCSP stapling.
Examples of ocsp stapling can be found via the package discovery site:
https://pkg.go.dev/search?q=ocsp+staple

- sean


On Mon, Dec 19, 2022 at 7:31 PM John Wayne  wrote:

> I tried to google this for a while now, and all I find regarding this
> topic is: https://groups.google.com/g/golang-nuts/c/QC5FOysyVxg
>
> This is already many years old, and to me it seems like there is code
> inside Go which allows to perform server side OCSP stapling. However, I am
> unable to find out *how* one would use this. Does this just work
> transparently in the background, all done by the Go library itself, or does
> the developer need to take measures when implementing an HTTP server using
> Go?
>
> I would test this out myself, but testing whether or not a given server
> provides the OCSP response in the handshake is not exactly trivial, since
> you would need to have a proper certificate with a working OCSP responder
> set up, which I don't.
>
> So I would really appreciate if someonce could shed a bit of light on this
> topic for me.
>
> Thanks!
>
> --
> You received this message because you are subscribed to the Google Groups
> "golang-nuts" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to golang-nuts+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/golang-nuts/99634c56-6357-48b8-887f-9d27067182fan%40googlegroups.com
> 
> .
>

-- 
You received this message because you are subscribed to the Google Groups 
"golang-nuts" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to golang-nuts+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/golang-nuts/CAGabyPou1ocoiKxAK0CPVDZ1C9UJnftqEhLnq61W_16gkm%2BbQg%40mail.gmail.com.

[go-nuts] Is OCSP Stapling supported in Go? If so, how?

2022-12-19 Thread John Wayne 
I tried to google this for a while now, and all I find regarding this topic 
is: https://groups.google.com/g/golang-nuts/c/QC5FOysyVxg

This is already many years old, and to me it seems like there is code 
inside Go which allows to perform server side OCSP stapling. However, I am 
unable to find out *how* one would use this. Does this just work 
transparently in the background, all done by the Go library itself, or does 
the developer need to take measures when implementing an HTTP server using 
Go?

I would test this out myself, but testing whether or not a given server 
provides the OCSP response in the handshake is not exactly trivial, since 
you would need to have a proper certificate with a working OCSP responder 
set up, which I don't.

So I would really appreciate if someonce could shed a bit of light on this 
topic for me.

Thanks!

-- 
You received this message because you are subscribed to the Google Groups 
"golang-nuts" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to golang-nuts+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/golang-nuts/99634c56-6357-48b8-887f-9d27067182fan%40googlegroups.com.