1 (edited by Zeddi 2014-02-19 01:29:13)

Topic: [SOLVED] Stand-alone OCSP request without TLS connection possible?

Hello,

for my work I need to query an OCSP responder to verify whether a certificate has been revoked or not.
I understand that wolfSSL embedded SSL brings OCSP functionality, but as I see it, it's intended to be used only in a way of "OCSP stapling" (meaning that the OCSP request/response is sent during the TLS handshake).

The only OCSP-related functions mentioned in the manual are:
wolfSSL_CTX_OCSP_set_options
wolfSSL_CTX_OCSP_set_override_url

Internally, wolfSSL uses a lot more OCSP-related functions to query a responder and verify the response. With the correct #includes, I was able to build a working OCSP request without a TLS handshake.

My problem now is that the signature of the OCSP response is only verified if the responder includes a/its certificate.
I want to verify the signature from a response against a certificate which is already on my 'client' and not packed with the response.
I know I could change the code for verification to be available inside my application, but I guess that's not what WolfSSL has intended.

Any suggestions or thoughts on this are welcome!

Regards,
- Daniel

Share

Re: [SOLVED] Stand-alone OCSP request without TLS connection possible?

wolfSSL_CTX_OCSP_set_options() and wolfSSL_CTX_OCSP_set_override_url() are better seen as WOLFSSL_CTX functions supporting OCSP, not OCSP functions.

If you look in the header file ocsp.h, you'll see the standalone interface for OCSP. You'll need to include wolfssl/ocsp.h and wolfssl/internal.h (unfortunately, but there is an update planned to merge OCSP in with the stand-alone CertManager with CRL). You'd use it:

{
    int result = 0;
    WOLFSSL_OCSP ocsp;
    
    WOLFSSL_OCSP_init(&ocsp);
    WOLFSSL_OCSP_set_override_url(&ocsp, "http://otherResponder.example.com:8080");
    result = WOLFSSL_OCSP_Lookup_Cert(&ocsp, &dCert);
    WOLFSSL_OCSP_Cleanup(&ocsp);
}

Re: [SOLVED] Stand-alone OCSP request without TLS connection possible?

Thanks for the clarification John,

that's already the way I tried the OCSP lookup.
As I wrote, it basically worked but I had no chance to validate the signature in the OCSP reply against a certificate stored on my OCSP client. Note that the OCSP responder intentionally DID NOT attach the certificate to the response.
Because there is no certificate attached to the OCSP response, the validation is not triggered (excerpt from function DecodeBasicOcspResponse inside ctaocrypt/src/asn.c):

    /*
     * Check the length of the BasicOcspResponse against the current index to
     * see if there are certificates, they are optional.
     */
    if (idx < end_index)
    {
        ...
        ret = ConfirmSignature(resp->response, resp->responseSz,
                            cert.publicKey, cert.pubKeySize, cert.keyOID,
                            resp->sig, resp->sigSz, resp->sigOID, NULL);
        ...
    }

So my question is:
Is there a way to trigger OCSP response signature verification against a certificate which I am loading from the file system on the OCSP client?

Share

Re: [SOLVED] Stand-alone OCSP request without TLS connection possible?

To clarify "OCSP stapling", we do not support that yet. That involves a TLS Hello extension that we haven't added yet. We do the lookup when receiving the peer's certificate with the Certificates handshake message.

You've probably seen the change in our GitHub repository, but the OCSP interface has been changed to parallel the CRL interface. It no longer requires including the file internal.h.

The OCSP lookup currently only checks the signature against an attached CA certificate.