full-chain ocsp stapling
matt at openssl.org
Fri Oct 11 08:57:19 UTC 2019
On 10/10/2019 22:53, Jeremy Harris wrote:
> On 01/10/2019 12:21, Jeremy Harris wrote:
>> I'm using the indexfile variant. It seems that the -CA argument
>> needs to be the signer of the cert, not the CA for the chain; and
>> you cannot give -CA multiple times. So you don't get good OCSP status
>> for all elements in the chain:
>> $ openssl ocsp -sha256 -no_nonce -issuer $CADIR/Signer.pem -cert
>> $leafcert -issuer $CADIR/CA.pem -cert $CADIR/Signer.pem -cert
>> $CADIR/CA.pem -reqout $REQ -req_text
> Further experimentation finds that the "-CA" argument can be
> a PEM with multiple issuers, and this gets me a resp with all
> of the Cert Status values "good" rather than some "unknown".
> [ The "openssl ocsp" manpage could possibly use more info
> on the situation ]
> However, in trying to use that, I'm now less certain it was what
> was wanted. It results in a server TLS1.3 Certificates record
> having a single extension, placed after the first certificate
> of the three bundled in my testcase (leaf, signer, root).
> The extension is a certificate-status with three single-response
> This contrasts with the situation I had developed using GnuTLS
> (which accepts a multi-PEM file for proofs); it placed an extension
> with a single status after each of the three certificates.
OpenSSL does not currently support that. You can only place a status response
after the first certificate.
> Are both layouts of the TLS1.3 Certificates record valid?
> FWIW, feeding this same multi-resp to GnuTLS makes it bahave
> the same way as OpenSSL. The triplet of single-responses is
> _also_ visible in a TLS1.2 Certificate Status record.
More information about the openssl-users