full-chain ocsp stapling
jgh at wizmail.org
Thu Oct 10 21:53:21 UTC 2019
On 01/10/2019 12:21, Jeremy Harris wrote:
> I'm using the indexfile variant. It seems that the -CA argument
> needs to be the signer of the cert, not the CA for the chain; and
> you cannot give -CA multiple times. So you don't get good OCSP status
> for all elements in the chain:
> $ openssl ocsp -sha256 -no_nonce -issuer $CADIR/Signer.pem -cert
> $leafcert -issuer $CADIR/CA.pem -cert $CADIR/Signer.pem -cert
> $CADIR/CA.pem -reqout $REQ -req_text
Further experimentation finds that the "-CA" argument can be
a PEM with multiple issuers, and this gets me a resp with all
of the Cert Status values "good" rather than some "unknown".
[ The "openssl ocsp" manpage could possibly use more info
on the situation ]
However, in trying to use that, I'm now less certain it was what
was wanted. It results in a server TLS1.3 Certificates record
having a single extension, placed after the first certificate
of the three bundled in my testcase (leaf, signer, root).
The extension is a certificate-status with three single-response
This contrasts with the situation I had developed using GnuTLS
(which accepts a multi-PEM file for proofs); it placed an extension
with a single status after each of the three certificates.
Are both layouts of the TLS1.3 Certificates record valid?
FWIW, feeding this same multi-resp to GnuTLS makes it bahave
the same way as OpenSSL. The triplet of single-responses is
_also_ visible in a TLS1.2 Certificate Status record.
More information about the openssl-users