full-chain ocsp stapling
Matt Caswell
matt at openssl.org
Fri Oct 11 08:57:19 UTC 2019
On 10/10/2019 22:53, Jeremy Harris wrote:
> On 01/10/2019 12:21, Jeremy Harris wrote:
>> I'm using the indexfile variant. It seems that the -CA argument
>> needs to be the signer of the cert, not the CA for the chain; and
>> you cannot give -CA multiple times. So you don't get good OCSP status
>> for all elements in the chain:
>
>> $ openssl ocsp -sha256 -no_nonce -issuer $CADIR/Signer.pem -cert
>> $leafcert -issuer $CADIR/CA.pem -cert $CADIR/Signer.pem -cert
>> $CADIR/CA.pem -reqout $REQ -req_text
>
> Further experimentation finds that the "-CA" argument can be
> a PEM with multiple issuers, and this gets me a resp with all
> of the Cert Status values "good" rather than some "unknown".
>
> [ The "openssl ocsp" manpage could possibly use more info
> on the situation ]
>
> However, in trying to use that, I'm now less certain it was what
> was wanted. It results in a server TLS1.3 Certificates record
> having a single extension, placed after the first certificate
> of the three bundled in my testcase (leaf, signer, root).
> The extension is a certificate-status with three single-response
> items.
> This contrasts with the situation I had developed using GnuTLS
> (which accepts a multi-PEM file for proofs); it placed an extension
> with a single status after each of the three certificates.
OpenSSL does not currently support that. You can only place a status response
after the first certificate.
Matt
>
> Are both layouts of the TLS1.3 Certificates record valid?
>
>
> FWIW, feeding this same multi-resp to GnuTLS makes it behave
> the same way as OpenSSL. The triplet of single-responses is
> _also_ visible in a TLS1.2 Certificate Status record.
>
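Added example, not code from this thread or from OpenSSL/GnuTLS: a small Python parser that walks the body of a TLS 1.3 Certificate message (RFC 8446 section 4.4.2, where each CertificateEntry may carry its own extensions) and reports which entry in the chain carries a status_request extension, so a capture from either stack can be classified as "status after the first certificate only" or "status after every certificate". Function names and the builder used to make a sample message are assumptions; the cert_data and OCSP bytes fed in are constructed placeholders, not real DER.

```python
# Added example (not from this thread): parse a TLS 1.3 Certificate body (RFC 8446 s4.4.2)
import struct
STATUS_REQUEST = 5   # extension_type of status_request
STATUS_OCSP = 1      # CertificateStatus.status_type = ocsp (RFC 6066)

def _vec(data: bytes, width: int) -> bytes:   # length-prefixed vector
    return len(data).to_bytes(width, "big") + data

def build_certificate(entries):
    """entries: [(cert_data, ocsp_response or None)]. Sample bytes fed in are
    constructed placeholders, not real DER. Returns the body, no 4-byte header."""
    body = b""
    for cert, ocsp in entries:
        exts = b""
        if ocsp is not None:   # status_request body is a CertificateStatus
            status = bytes([STATUS_OCSP]) + _vec(ocsp, 3)
            exts = struct.pack("!HH", STATUS_REQUEST, len(status)) + status
        body += _vec(cert, 3) + _vec(exts, 2)
    return _vec(b"", 1) + _vec(body, 3)   # empty request_context (server side)

def parse_certificate(msg: bytes):
    """Return [(cert_len, ocsp_len or None), ...], one per CertificateEntry."""
    pos = 1 + msg[0]                       # skip certificate_request_context
    end = pos + 3 + int.from_bytes(msg[pos:pos + 3], "big")
    if end != len(msg):
        raise ValueError("certificate_list length does not match message")
    pos, out = pos + 3, []
    while pos < end:
        cert_len = int.from_bytes(msg[pos:pos + 3], "big")
        pos += 3 + cert_len                # cert_data itself is not inspected
        ext_end = pos + 2 + int.from_bytes(msg[pos:pos + 2], "big")
        pos, ocsp_len = pos + 2, None
        while pos < ext_end:
            etype, elen = struct.unpack("!HH", msg[pos:pos + 4])
            pos += 4
            if etype == STATUS_REQUEST and msg[pos] == STATUS_OCSP:
                ocsp_len = int.from_bytes(msg[pos + 1:pos + 4], "big")
            pos += elen
        out.append((cert_len, ocsp_len))
    return out

def stapling_layout(msg: bytes) -> str:
    """'per-entry' (a status after every cert), 'first-entry-only', 'none' or 'mixed'."""
    stapled = [ocsp is not None for _, ocsp in parse_certificate(msg)]
    if stapled and all(stapled):
        return "per-entry"
    if stapled and stapled[0] and not any(stapled[1:]):
        return "first-entry-only"
    return "mixed" if any(stapled) else "none"
```

Pointing it at the bytes of a real Certificate message (after the 4-byte handshake header) shows whether a chain carries one multi-SingleResponse staple after the leaf or one staple per certificate.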