full-chain ocsp stapling

Jeremy Harris jgh at wizmail.org
Thu Oct 10 21:53:21 UTC 2019

On 01/10/2019 12:21, Jeremy Harris wrote:
> I'm using the indexfile variant.  It seems that the -CA argument
> needs to be the signer of the cert, not the CA for the chain; and
> you cannot give -CA multiple times.  So you don't get good OCSP status
> for all elements in the chain:

> $ openssl ocsp -sha256 -no_nonce -issuer $CADIR/Signer.pem -cert
> $leafcert -issuer $CADIR/CA.pem -cert $CADIR/Signer.pem -cert
> $CADIR/CA.pem -reqout $REQ -req_text

Further experimentation finds that the "-CA" argument can be
a PEM with multiple issuers, and this gets me a resp with all
of the Cert Status values "good" rather than some "unknown".

   [ The "openssl ocsp" manpage could possibly use more info
     on the situation ]

However, in trying to use that, I'm now less certain it was what
was wanted.  It results in a server TLS1.3 Certificates record
having a single extension, placed after the first certificate
of the three bundled in my testcase (leaf, signer, root).
The extension is a certificate-status with three single-response
This contrasts with the situation I had developed using GnuTLS
(which accepts a multi-PEM file for proofs); it placed an extension
with a single status after each of the three certificates.

Are both layouts of the TLS1.3 Certificates record valid?

FWIW, feeding this same multi-resp to GnuTLS makes it bahave
the same way as OpenSSL.  The triplet of single-responses is
_also_ visible in a TLS1.2 Certificate Status record.


More information about the openssl-users mailing list