Topic: OCSP Stapling

Hello,
I am trying to set up a POC using the OCSP stapling feature implemented in the wolfSSL lib.
The client has to check the validity of the server certificate, then the server has to attach the OCSP response with its certificate.
I don't want to specify a URL for the OCSP responder because I want to simulate the OCSP answer and so manage that directly in the server's code.
To do that I am looking for the APIs to use on the server side to upload the simulated OCSP answer into the SSL session.
I didn't find any APIs in the API index nor in the "OCSP Support" web page.
Do you have any idea/recommendation to implement that …
Thanks in advance


2 (edited by marco 2024-09-04 01:49:26)

Re: OCSP Stapling

Hello,

You can add a custom OCSP answer by specifying a custom OCSP lookup callback with `wolfSSL_CTX_SetOCSP_Cb`.
The custom callback can analyze the URL and the request and provide a custom OCSP response.
For example, to always provide the same OCSP response you can use:

```
#include <stdint.h>
#include <wolfssl/options.h>
#include <wolfssl/ssl.h>

/* DER-encoded OCSPResponse that is stapled for every request */
uint8_t static_ocsp_response[] = { /* OCSP response bytes */ };

/* CbOCSPIO callback for wolfSSL_CTX_SetOCSP_Cb(ctx, ocsp_response_cb, NULL, NULL):
 * URL and request are ignored, the return value is the response length (negative = error) */
int ocsp_response_cb(void* ioCtx, const char* url, int urlSz,
                     unsigned char* req, int reqSz, unsigned char** resp)
{
    (void)ioCtx; (void)url; (void)urlSz; (void)req; (void)reqSz;
    *resp = static_ocsp_response;   /* static buffer, so no free callback is needed */
    return (int)sizeof(static_ocsp_response);
}
```

I attached a small PoC on how to use the custom callback to provide a static OCSP response.

Regards,
Marco

Post's attachments

ocsp_static_resp_example.tar.gz 80 kb, file has never been downloaded.

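As an added example (this is not Marco's attached PoC and not wolfSSL's own code), the following shows how the callback from the answer can be wired into a server context, and adds the check a simulated responder should do before handing bytes to the TLS stack: parse the outer DER SEQUENCE and the `responseStatus` of the `OCSPResponse` (RFC 6960) so a broken or truncated blob fails on the server instead of at the client. The five-byte `static_ocsp_response` is a constructed placeholder (status `successful`, no `responseBytes`) to be replaced with the real DER from the simulated responder; `HAVE_WOLFSSL` is an assumed build flag for this file (not a wolfSSL option), and the certificate and key paths are assumptions. The wolfSSL calls (`wolfSSL_CTX_EnableOCSPStapling`, `wolfSSL_CTX_SetOCSP_Cb`, `wolfSSL_CTX_use_certificate_chain_file`) need a library built with certificate status request support.

```c
/* Added example, not Marco's attachment or wolfSSL code. Builds stand-alone for the
 * DER check; compile with -DHAVE_WOLFSSL -lwolfssl (assumed flag) for the server wiring. */
#include <stdio.h>
#include <stddef.h>

/* Returns OCSPResponse.responseStatus (0 successful, 1 malformedRequest, 2 internalError,
 * 3 tryLater, 5 sigRequired, 6 unauthorized) or -1 when the buffer is not a
 * SEQUENCE { ENUMERATED ... } whose outer length matches the buffer length. */
int ocsp_response_status(const unsigned char* der, size_t len)
{
    size_t pos = 0, outer;
    if (len < 2 || der[pos++] != 0x30) return -1;          /* SEQUENCE tag */
    if (der[pos] < 0x80) {                                  /* short-form length */
        outer = der[pos++];
    } else {                                                /* long-form length */
        int nbytes = der[pos++] & 0x7F;
        if (nbytes == 0 || nbytes > 4 || pos + (size_t)nbytes > len) return -1;
        outer = 0;
        while (nbytes-- > 0) outer = (outer << 8) | der[pos++];
    }
    if (outer != len - pos) return -1;                      /* truncated or trailing bytes */
    if (outer < 3 || der[pos] != 0x0A || der[pos + 1] != 0x01) return -1; /* ENUMERATED, len 1 */
    return der[pos + 2];
}

/* Constructed placeholder: responseStatus = successful, no responseBytes. Replace with
 * the DER produced by the simulated responder before a real client is pointed at it. */
static unsigned char static_ocsp_response[] = { 0x30, 0x03, 0x0A, 0x01, 0x00 };

#ifdef HAVE_WOLFSSL
#include <wolfssl/options.h>
#include <wolfssl/ssl.h>

/* CbOCSPIO: wolfSSL calls this when a client sends status_request; the URL and request
 * are ignored because the answer is simulated. Negative return = lookup failure. */
static int ocsp_response_cb(void* ioCtx, const char* url, int urlSz,
                            unsigned char* req, int reqSz, unsigned char** resp)
{
    (void)ioCtx; (void)url; (void)urlSz; (void)req; (void)reqSz;
    if (ocsp_response_status(static_ocsp_response, sizeof(static_ocsp_response)) != 0)
        return -1;                                          /* refuse to staple a bad blob */
    *resp = static_ocsp_response;
    return (int)sizeof(static_ocsp_response);
}

/* CbOCSPRespFree: the buffer is static, nothing to release. */
static void ocsp_response_free_cb(void* ioCtx, unsigned char* resp)
{
    (void)ioCtx; (void)resp;
}
#endif

int main(void)
{
    int st = ocsp_response_status(static_ocsp_response, sizeof(static_ocsp_response));
    printf("static response status = %d\n", st);
#ifdef HAVE_WOLFSSL
    WOLFSSL_CTX* ctx;
    wolfSSL_Init();
    ctx = wolfSSL_CTX_new(wolfTLSv1_2_server_method());
    if (ctx == NULL) return 1;
    /* Assumed file names for the server chain and key. */
    if (wolfSSL_CTX_use_certificate_chain_file(ctx, "server-chain.pem") != WOLFSSL_SUCCESS ||
        wolfSSL_CTX_use_PrivateKey_file(ctx, "server-key.pem", WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS)
        return 1;
    /* Staple the callback's bytes instead of contacting a responder URL. */
    if (wolfSSL_CTX_EnableOCSPStapling(ctx) != WOLFSSL_SUCCESS ||
        wolfSSL_CTX_SetOCSP_Cb(ctx, ocsp_response_cb, ocsp_response_free_cb, NULL) != WOLFSSL_SUCCESS)
        return 1;
    /* ... wolfSSL_new(ctx) / wolfSSL_accept() per connection as usual ... */
    wolfSSL_CTX_free(ctx);
    wolfSSL_Cleanup();
#endif
    return 0;
}
```

The client side still has to ask for the staple (the status_request extension) for the callback to be invoked at all, so a client test harness needs OCSP stapling enabled on its end before a missing staple is read as a server problem.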
