Callback functions higher up in the stack than X509_STORE_set_verify_cb?

Hi list,

I'm implementing OCSP stapling for wget2 with OpenSSL. And I was wondering if there's a better way.

The way I'm doing this currently is by letting the handshake complete normally and check the received OCSP responses (stapled or not) at the end. Then, if OCSP does not verify, I close the connection.

I.e. something like the following:

do {
    retval = SSL_connect(ssl);
    error = SSL_get_error(ssl, retval);   /* classify the result before retrying */
    /* <snip> */
} while (error == SSL_ERROR_WANT_READ || error == SSL_ERROR_WANT_WRITE);

if (retval <= 0) {
    /* Error - tell the user and exit */
    /* <snip> */
    goto bail;
}

/* Check the OCSP response here */
ocsp_stap_length = SSL_get_tlsext_status_ocsp_resp(ssl, &ocsp_resp);

certs = SSL_get_peer_cert_chain(ssl);

if (!check_ocsp(ssl, certs, ocsp_resp)) {
    /* Error - OCSP cannot be verified */
    goto bail;
}

The specs (RFC 6960 and RFC 6066) are not clear on how a non-conforming OCSP response should be handled: by sending an alert and aborting the handshake, or by closing the connection after the handshake has successfully completed. Please correct me if I'm wrong here.

I'm currently doing the second one out of a purely technical lack of knowledge on how to do the first one, but I believe the first one would be cleaner.

Previously, I would register a callback function with X509_STORE_set_verify_cb() and perform the OCSP checking there. This worked for traditional OCSP (RFC 6960). However, it will not work for stapled OCSP, because that callback function is called after the certificates are read, but before the stapled OCSP is read.

I was wondering if a hook point exists that would allow me to do this just before ChangeCipherSpec is sent by the client, as, at that point, all the information should already be available.

TL;DR I want to hook at a point just before SSL_connect() returns.
