Re: server-side OCSP stapling

2016-03-02 Thread Kai Engert
On Tue, 2016-03-01 at 17:19 -0800, Robert Relyea wrote:
> IIRC the API to fetch the ocsp response is mostly application code. NSS
> has a simple http request function that can fetch the request if the
> application doesn't supply one (which doesn't know about proxies, etc.).

You could

Re: server-side OCSP stapling

2016-03-01 Thread Robert Relyea
On 03/01/2016 02:19 PM, Martin Thomson wrote:
> AIUI, support for stapling in NSS is pretty primitive. You are expected to make the OCSP query yourself and use the API to configure the server.

IIRC the API to fetch the ocsp response is mostly application code. NSS has a simple http request

Re: server-side OCSP stapling

2016-03-01 Thread Martin Thomson
AIUI, support for stapling in NSS is pretty primitive. You are expected to make the OCSP query yourself and use the API to configure the server.

On Mar 2, 2016 7:42 AM, "Rob Crittenden" wrote:
> I don't see a way to implement OCSP stapling on the server side.
>
>

server-side OCSP stapling

2016-03-01 Thread Rob Crittenden
I don't see a way to implement OCSP stapling on the server side. SSL_SetStapledOCSPResponses() is I think what one would use to set the response in the SSL session but I don't see a way to get the response from the OCSP handler. At least, I don't see a way without implementing my own status