Re: [libmicrohttpd] Adding code for OCSP stapling
From: Tim Rühsen
Subject: Re: [libmicrohttpd] Adding code for OCSP stapling
Date: Tue, 16 Jul 2019 20:08:56 +0200
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.8.0
Hi Christian,
thanks for looking into it.
The requested changes have been made - I am not sure if they exactly
fit, so please have another look.
In libmicrohttpd.texi there is a section 'microhttpd-util' with an item
'MHD_FEATURE_HTTPS_CERT_CALLBACK'. Should we have a
'MHD_FEATURE_HTTPS_CERT_CALLBACK2' as well !?
Regards, Tim
On 16.07.19 18:06, Christian Grothoff wrote:
> Hi Tim,
>
> The patch looks fine to me, just two things are missing:
> 1) Updated ChangeLog
> 2) Updated texinfo manual documenting the new option.
>
> When you merge this into master, please also bump the MHD_VERSION in
> microhttpd.h.
>
> happy hacking!
>
> Christian
>
>
> On 7/16/19 3:23 PM, Tim Rühsen wrote:
>> Hi,
>>
>> for the GNU Wget2 GSOC project we needed the ability to test OCSP
>> stapling. I created an MR at Gitlab:
>> https://gitlab.com/libmicrohttpd/libmicrohttpd/merge_requests/1.
>>
>> Writing a test for this is a bit more work. It includes a valid CA
>> cert+key, a derived server cert. Additionally you need an OCSP responder
>> working with these certs and a client to generate an OCSP request and the
>> ability to save the OCSP response. This response in turn is then used by
>> the test (MHD server side sends it to the client).
>>
>> GnuTLS has currently no API or tool to work as OCSP responder, so we
>> have to fall back to the 'openssl ocsp' tool for this part.
>>
>> I suggest our student Kumar first writes a shell script to generate all
>> the needed files. With that we'll generate and add the DER/PEM blobs
>> plus the test to a second commit.
>>
>> Meanwhile you could comment on the MR above.
>>
>> Regards, Tim
>>
>
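Added example, not part of the thread and not the script later written for libmicrohttpd or Wget2: one way to produce the files the quoted message lists (CA cert+key, derived server cert, saved OCSP response) with the 'openssl ocsp' tool run offline as the responder. All file names, subjects, the serial and the dates are constructed sample values, and the revoked variant goes beyond what the thread mentions.

```shell
#!/bin/sh
# Constructed OCSP stapling fixtures; every name, subject and date is a sample value.

# make_pki DIR: throwaway CA plus a server certificate signed by it.
make_pki() {
  d=$1; mkdir -p "$d" &&
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=Test CA" \
    -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null &&
  openssl req -newkey rsa:2048 -nodes -subj "/CN=localhost" \
    -keyout "$d/server.key" -out "$d/server.csr" 2>/dev/null &&
  openssl x509 -req -in "$d/server.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
    -set_serial 4096 -days 30 -out "$d/server.pem" 2>/dev/null
}

# make_response DIR STATE: STATE is V (valid) or R (revoked).
# Writes DIR/resp.der, the DER blob a test server would staple.
make_response() {
  d=$1; state=$2; revoked=
  [ "$state" = R ] && revoked=$(date -u +%y%m%d%H%M%SZ)
  serial=$(openssl x509 -in "$d/server.pem" -noout -serial | cut -d= -f2) &&
  # index.txt columns: state, expiry, revocation time, serial, file, subject
  printf '%s\t391231235959Z\t%s\t%s\tunknown\t/CN=localhost\n' \
    "$state" "$revoked" "$serial" > "$d/index.txt" &&
  # Client side: build the request. No nonce, so the saved response can be reused.
  openssl ocsp -issuer "$d/ca.pem" -cert "$d/server.pem" -no_nonce \
    -reqout "$d/req.der" &&
  # Responder side: answer the request from the index, signing with the CA key.
  openssl ocsp -index "$d/index.txt" -CA "$d/ca.pem" -rsigner "$d/ca.pem" \
    -rkey "$d/ca.key" -reqin "$d/req.der" -ndays 7 \
    -respout "$d/resp.der" >/dev/null 2>&1
}

# ocsp_status DIR: the certificate status a client reads from the saved response.
ocsp_status() {
  openssl ocsp -issuer "$1/ca.pem" -cert "$1/server.pem" -no_nonce \
    -CAfile "$1/ca.pem" -respin "$1/resp.der" 2>/dev/null |
    sed -n 's/^.*server\.pem: \([a-z]*\).*$/\1/p'
}
```

Run `make_pki DIR` once, then `make_response DIR V` or `make_response DIR R`; `ocsp_status DIR` prints `good` or `revoked` for the response that was saved.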