1 (edited by SaravananG 2019-07-02 01:43:30)

Topic: WolfSSL API for OCSP stapling check

Hello,
I would like to know the wolfSSL API for an OCSP stapling check request from client to server.
1. I can see there are APIs defined, such as EnableOCSP stapling and UseOCSPstapling... Which one is to be used? Also, I can see UseOCSPstaplingV2.
2. Can these APIs return the certificate status?

Thanks


Re: WolfSSL API for OCSP stapling check

Has anyone implemented an OCSP stapling check request on the client side? Please reply.

Re: WolfSSL API for OCSP stapling check

Hi @SaravananG,

Thank you for reaching out to wolfSSL via the forums. Can you tell us a bit about your project and organization to help us understand your use-case and needs?

Yes, wolfSSL implements OCSP stapling on the client side. We provide an example of using it with our examples:

$ cd wolfssl/
$ ./configure --enable-ocspstapling
$ make
$ ./examples/client/client -C -h <domain/IP of server> -p <port number> -A <The CA cert to use> -g -W 1

Where -C forcefully disables CRL if it's enabled in favor of OCSP stapling, -g says to do an HTTP GET request, and -W 1 says to use OCSP stapling v1 (use -W 2 for OCSP stapling version 2).

Regards,

KH

Re: WolfSSL API for OCSP stapling check

Hello Kaleb,

Thanks for the reply.

Currently we are using WolfSSL 4.0.0 with TLS 1.3 and would like to enable OCSP stapling.
We are using the C language in the project.

When I go through the Client.c file in WolfSSL/examples, I can see
- wolfSSL_CTX_EnableOCSPStapling
- wolfSSL_UseOCSPStapling

are used on the client side.

Can you clarify whether these functions are enough to invoke the status request?

Re: WolfSSL API for OCSP stapling check

SaravananG,

Please use:

wolfSSL_CTX_EnableOCSPStapling()
wolfSSL_UseOCSPStapling()
wolfSSL_CTX_EnableOCSP()

Warm Regards,

KH