Commit 67d2ea2

Implement OCSP responder
OCSP Responder Core API:
- Add new public API for creating and managing an OCSP responder
- Add public wrappers for internal OCSP request/response functions
- OcspRespCheck: fix check when authorized responder is loaded into CM

Header Cleanup:
- Remove circular dependency when including `#include <wolfssl/wolfcrypt/asn.h>` from wolfssl/wolfcrypt/ecc.h and wolfssl/wolfcrypt/rsa.h

OCSP Responder Example (examples/ocsp_responder/):
- Add a command-line OCSP responder for interoperability testing with OpenSSL's `openssl ocsp` client

Test Scripts (scripts/):
- ocsp-responder-openssl-interop.test: Tests wolfSSL OCSP responder with `openssl ocsp` client
- ocsp-stapling-with-wolfssl-responder.test: Tests wolfSSL OCSP responder when doing OCSP stapling

Certificate Infrastructure (certs/ocsp/):
- Add DER-format certificates and keys for OCSP testing
- Update renewcerts.sh to generate DER versions

Known Limitations (documented in src/ocsp.c header comment):
- Single request/response per OCSP exchange only
- Key-hash responder ID only (no name-based responder ID)
- No singleExtensions support
1 parent 3a1aa83 commit 67d2ea2

52 files changed

Lines changed: 4810 additions & 219 deletions

Some content is hidden

.github/workflows/os-check.yml

Lines changed: 1 addition & 0 deletions
@@ -86,6 +86,7 @@ jobs:
8686
'--enable-all CPPFLAGS=''-DNO_WOLFSSL_SERVER -DWOLFSSL_NO_CLIENT_AUTH''',
8787
'--enable-curve25519=nonblock --enable-ecc=nonblock --enable-sp=yes,nonblock CPPFLAGS="-DWOLFSSL_PUBLIC_MP -DWOLFSSL_DEBUG_NONBLOCK"',
8888
'--enable-certreq --enable-certext --enable-certgen --disable-secure-renegotiation-info CPPFLAGS="-DNO_TLS"',
89+
'--enable-ocsp --enable-ocsp-responder',
8990
]
9091
name: make check
9192
if: github.repository_owner == 'wolfssl'
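Review bot: the matrix entry added at new line 89 builds with only '--enable-ocsp --enable-ocsp-responder', while the commit message also adds ocsp-stapling-with-wolfssl-responder.test. Please confirm that some job in this matrix builds the responder together with OCSP stapling, otherwise that script may be skipped by make check in this workflow. Either add a second entry that combines the responder with the stapling options, or say in the commit message which existing configuration covers the stapling script.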

.gitignore

Lines changed: 1 addition & 0 deletions
@@ -70,6 +70,7 @@ examples/sctp/sctp-client
7070
examples/sctp/sctp-client-dtls
7171
examples/asn1/asn1
7272
examples/pem/pem
73+
examples/ocsp_responder/ocsp_responder
7374
server_ready
7475
snifftest
7576
output
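Review bot: the entry added at new line 73 ignores only the built example binary, examples/ocsp_responder/ocsp_responder. The context lines show that run-time artifacts such as server_ready are ignored here too, so if the two new responder test scripts write a ready file, log or response output into the tree, add those patterns in this hunk so a test run leaves the working tree clean.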
1.24 KB
Binary file not shown.
1.17 KB
Binary file not shown.
1.24 KB
Binary file not shown.
1.16 KB
Binary file not shown.
1.24 KB
Binary file not shown.
1.16 KB
Binary file not shown.

certs/ocsp/ocsp-responder-cert.der

1.19 KB
Binary file not shown.

certs/ocsp/ocsp-responder-key.der

1.16 KB
Binary file not shown.
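Review bot: certs/ocsp/ocsp-responder-key.der adds a private key as a binary blob that cannot be inspected in this diff, alongside several other binary files of 1.16 to 1.24 KB. Since the commit message says renewcerts.sh is updated to generate the DER versions, please state that these files are the output of that script and are test-only, so a reviewer can regenerate them and compare rather than trust the committed bytes.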
