Re: [go-nuts] OCSP revocation checking before completing TLS handshake

2019-04-11 Thread Sam Whited
On Thu, Apr 11, 2019, at 15:49, erikssonfili...@gmail.com wrote:
> Using Go's standard TLS library this does not seem possible, as
> tls.Dial does not seem to do any OCSP checking. Another possible
> workaround would be to fetch the server certificate without
> performing a handshake, then check revocation status, and if status
> is OK, redo the handshake using tls.Dial, but I couldn't find a way
> to do it in Go.

You can use golang.org/x/crypto/ocsp [1] and create your own
dialer which performs an OCSP request. You can also use this to
parse any stapled responses which are returned by crypto/tls's
OCSPResponse() method.

[1]: https://godoc.org/golang.org/x/crypto/ocsp

—Sam

-- 
You received this message because you are subscribed to the Google Groups 
"golang-nuts" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to golang-nuts+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[go-nuts] OCSP revocation checking before completing TLS handshake

2019-04-11 Thread erikssonfilip95

Hi,

I am required, using Go as a client, to do OCSP revocation checking of the 
server certificate before completing a TLS handshake, i.e. [initiate 
handshake -> get server cert -> check revocation status -> if revoked 
abort], and not [initiate handshake -> complete handshake -> check 
revocation status].

Using Go's standard TLS library this does not seem possible, as tls.Dial 
does not seem to do any OCSP checking. Another possible workaround would be 
to fetch the server certificate without performing a handshake, then check 
revocation status, and if status is OK, redo the handshake using tls.Dial, 
but I couldn't find a way to do it in Go.


Any suggestions on how to solve this particular problem?


Regards,

Filip
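Sam's suggestion (a custom dialer that performs an OCSP request with golang.org/x/crypto/ocsp, or parses the stapled response the server sends) and Filip's requirement that a revoked certificate aborts the handshake rather than being checked afterwards meet in crypto/tls's VerifyConnection hook, which crypto/tls calls during the handshake after chain validation; it was added in Go 1.15, after this thread, and unlike VerifyPeerCertificate it receives the ConnectionState and therefore the stapled response. The code below is an added example, not code from either poster. So that it runs offline it swaps the real OCSP encoding for an injected Parse/Fetch pair and a constructed one-byte "response"; with x/crypto/ocsp, Parse would be ocsp.ParseResponseForCert and Fetch would be ocsp.CreateRequest followed by an HTTP POST to the certificate's OCSPServer URL. The throwaway CA, the name server.example.test and the responder URL http://ocsp.example.test/ are constructed for the demo and are not contacted.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"net"
	"time"
)

// Status mirrors the OCSP certificate statuses; Unknown is the zero value so a missing answer fails closed.
type Status int

const (
	Unknown Status = iota
	Good
	Revoked
)

// Parse decodes an OCSP response (stapled or fetched) for leaf; with golang.org/x/crypto/ocsp this is
// ocsp.ParseResponseForCert. Fetch performs the request when nothing was stapled; with x/crypto/ocsp it
// is ocsp.CreateRequest followed by an HTTP POST of the DER (content type application/ocsp-request) to
// leaf.OCSPServer[0]. Both are injected so that this example runs offline (assumption, not real OCSP).
type Parse func(der []byte, leaf, issuer *x509.Certificate) (Status, error)
type Fetch func(leaf, issuer *x509.Certificate) ([]byte, error)

// ErrRevoked is the handshake error the client gets for a revoked server certificate.
var ErrRevoked = errors.New("ocsp: server certificate is revoked")

// ClientConfig returns a tls.Config whose VerifyConnection hook crypto/tls runs inside the handshake,
// after chain validation and before the client sends its Finished message, so a revoked certificate
// aborts the connection before any application data flows. A stapled response is preferred over a fetch.
func ClientConfig(roots *x509.CertPool, parse Parse, fetch Fetch) *tls.Config {
	return &tls.Config{RootCAs: roots, VerifyConnection: func(cs tls.ConnectionState) error {
		if len(cs.VerifiedChains) == 0 || len(cs.VerifiedChains[0]) < 2 {
			return errors.New("ocsp: no verified chain with an issuer")
		}
		leaf, issuer := cs.VerifiedChains[0][0], cs.VerifiedChains[0][1]
		der := cs.OCSPResponse // stapled by the server; empty when nothing was stapled
		if len(der) == 0 {
			if len(leaf.OCSPServer) == 0 {
				return errors.New("ocsp: nothing stapled and the certificate names no responder")
			}
			var err error
			if der, err = fetch(leaf, issuer); err != nil {
				return err
			}
		}
		switch st, err := parse(der, leaf, issuer); {
		case err != nil:
			return err
		case st == Revoked:
			return ErrRevoked
		case st != Good:
			return errors.New("ocsp: status is not good, failing closed")
		}
		return nil
	}}
}

// oneByte is the constructed response encoding used in this demo instead of real OCSP DER: one status byte.
func oneByte(der []byte, _, _ *x509.Certificate) (Status, error) {
	if len(der) != 1 {
		return Unknown, errors.New("ocsp: malformed response")
	}
	return Status(der[0]), nil
}

// newPKI builds a throwaway root and a leaf for server.example.test whose AIA names a constructed
// responder URL; nothing is ever sent there because the demo's Fetch answers in memory.
func newPKI() (*x509.CertPool, tls.Certificate) {
	now := time.Now()
	caKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	leafKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	ca := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Example Root"},
		NotBefore: now.Add(-time.Hour), NotAfter: now.Add(time.Hour), IsCA: true, BasicConstraintsValid: true,
		KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageDigitalSignature}
	caDER, _ := x509.CreateCertificate(rand.Reader, ca, ca, &caKey.PublicKey, caKey)
	ca, _ = x509.ParseCertificate(caDER)
	leaf := &x509.Certificate{SerialNumber: big.NewInt(4242), DNSNames: []string{"server.example.test"},
		NotBefore: now.Add(-time.Hour), NotAfter: now.Add(time.Hour), KeyUsage: x509.KeyUsageDigitalSignature,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}, OCSPServer: []string{"http://ocsp.example.test/"}}
	leafDER, _ := x509.CreateCertificate(rand.Reader, leaf, ca, &leafKey.PublicKey, caKey)
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	return roots, tls.Certificate{Certificate: [][]byte{leafDER}, PrivateKey: leafKey}
}

// Handshake runs one client/server handshake over loopback TCP and returns whether the client had to
// fetch a response and the client's handshake error (nil means the session was allowed). status is
// what the responder reports for the leaf; staple selects whether the server staples it.
func Handshake(status Status, staple bool) (fetched bool, err error) {
	roots, srvCert := newPKI()
	if staple {
		srvCert.OCSPStaple = []byte{byte(status)} // constructed one-byte "response" sent in the handshake
	}
	cfg := ClientConfig(roots, oneByte, func(_, _ *x509.Certificate) ([]byte, error) {
		fetched = true // in-memory responder; a real one would be reached at leaf.OCSPServer[0]
		return []byte{byte(status)}, nil
	})
	cfg.ServerName = "server.example.test"
	ln, err := net.Listen("tcp", "127.0.0.1:0")
	if err != nil {
		return false, err
	}
	defer ln.Close()
	go func() {
		if raw, err := ln.Accept(); err == nil {
			defer raw.Close()
			tls.Server(raw, &tls.Config{Certificates: []tls.Certificate{srvCert}}).Handshake()
		}
	}()
	raw, err := net.Dial("tcp", ln.Addr().String())
	if err != nil {
		return false, err
	}
	defer raw.Close()
	err = tls.Client(raw, cfg).Handshake() // VerifyConnection runs here, in this goroutine
	return fetched, err
}

func main() {
	for _, c := range []struct {
		s      Status
		staple bool
	}{{Good, true}, {Revoked, true}, {Revoked, false}} {
		fetched, err := Handshake(c.s, c.staple)
		fmt.Printf("status=%d staple=%v fetched=%v err=%v\n", c.s, c.staple, fetched, err)
	}
}
```

A revoked or unknown status surfaces as the error returned by tls.Client(...).Handshake() (or by tls.Dial, which runs the same hook), and the server never sees a client Finished, which is the ordering Filip asks for. Two things the demo leaves to the real implementation: ocsp.ParseResponseForCert checks the responder's signature and validity window, and a production Fetch needs a timeout so an unreachable responder fails closed promptly rather than hanging the handshake.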
