full-chain ocsp stapling

Matt Caswell matt at openssl.org
Mon Sep 30 16:02:59 UTC 2019

On 30/09/2019 14:49, Jeremy Harris wrote:
> Looking at implementing the above, under TLSv1.3 and (at least
> initially) server-side.  I'm currently using
>     SSL_CTX_set_tlsext_status_cb()
>     SSL_set_tlsext_status_ocsp_resp(   a DER blob )
> and the problem is: will this accept a
> (DER-wrapped, basicresp-wrapped) stack of singleresp
> where the stack has >1 element?

It's an OCSPResponse object (see RFC2560) - represented by the OCSP_RESPONSE
type in OpenSSL. That can itself wrap a BasicOCSPResponse which can contain
multiple SingleResponses.

> If so, and that is the preferred way to load such
> a stapling, how can such a blob be constructed?

If you want to construct it from scratch you might want to take a look at how
the ocsp app does it:


> I have separate PEM files for each ocsp resp for
> the certificate chain, currently.  Converting
> to DER and pulling out the singleresp is feasible;
> it's building a multi-resp blob that looks hard.
> Alternatively, can SSL_set_tlsext_status_ocsp_resp()
> be called repeatedly, with distinct blobs for the
> stapling chain elements?  The manpage does not suggest it
> so it seems unlikely.

No, this isn't possible.

> Alternatively^2, is there some way to get such a blob from
> a tool (openssl ocsp, or similar) ready built?   For this
> purpose, I am the CA.

Yes, you can do this. For example see the "respout" option in the ocsp command.

>From the examples in the ocsp man page:

    Send a query to an OCSP responder with URL http://ocsp.myhost.com/ save the
    response to a file, print it out in text form, and verify the response:

    openssl ocsp -issuer issuer.pem -cert c1.pem -cert c2.pem \
        -url http://ocsp.myhost.com/ -resp_text -respout resp.der

    Read in an OCSP response and print out text form:

    openssl ocsp -respin resp.der -text -noverify



More information about the openssl-users mailing list