[openssl-users] OCSP signature verification

Verhelst Wouter (Consultant) Wouter.Verhelst at fedict.be
Tue Dec 1 13:58:13 UTC 2015

Hi folks,

I'm trying to write an application that needs to verify the validity of data on a smartcard. That data is signed with an RSA key for which a certificate exists on the card; but if the card is stolen or lost, the certificate will be revoked, so I want to ensure that the certificate is valid. I'm doing an OCSP request to take care of that.

Since OpenSSL's own OCSP_sendreq_* functions don't support HTTP proxies, I'm currently using libcurl to send the request to the OCSP endpoint. This seems to work; when I get the reply and use d2i_OCSP_RESPONSE(), then with things like OCSP_response_status() and OCSP_resp_find_status() and friends I can manage to get the status of the request and a given certificate.

However, that doesn't do signature verification. I believe that I should use OCSP_basic_verify() for that, but I'm not entirely sure whether that is the case, and if so whether I would need to do some additional checks beforehand. Unfortunately, I can't find any documentation on OCSP_basic_verify().

I should note that due to the nature of my needs, I have a rather huge set of valid intermediate CAs, but a fairly limited set of root CAs that can be used for valid cards (that is, if the signature validates but it wasn't signed by any of the CAs under one of my limited set of roots, the card is a forgery and should be rejected as invalid).

A few questions:
- Am I right in assuming that OCSP_basic_verify will check the signature on the OCSP request?
- In "OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs, X509_STORE *st, unsigned long flags)", I'm not entirely certain of what the "st" argument is meant to contain, and can't figure out the "certs" one. Pouring over the code, I believe the "st" argument should allow me to limit validation to my set of root certificates, but I could be mistaken. As for the "certs" one, I can't understand that one at all. The only thing I can think of is that maybe it should contain the issuer certificate that I used for the original request, but then why is it a STACK_OF(X509)* and not just an X509*? What am I missing?

Thanks for any help,

Wouter Verhelst

More information about the openssl-users mailing list