Callback functions higher up in the stack than X509_STORE_set_verify_cb?

Ander Juaristi a at
Tue Aug 4 08:25:44 UTC 2020

Hi list,

I'm implementing OCSP stapling for wget2 with OpenSSL. And I was 
wondering if there's a better way.

The way I'm doing this currently is by letting the handshake complete 
normally and check the received OCSP responses (stapled or not) at the 
end. Then, if OCSP does not verify, I close the connection.

I.e. something like the following:

do {
     retval = SSL_connect(ssl);
     error = SSL_get_error(ssl, retval);   /* classify the result so the loop can retry */
     /* <snip> */
} while (error == SSL_ERROR_WANT_READ || error == SSL_ERROR_WANT_WRITE);

if (retval <= 0) {
     /* Error - tell the user and exit */
     /* <snip> */
     goto bail;
}

/* Check the OCSP response here */
ocsp_stap_length = SSL_get_tlsext_status_ocsp_resp(ssl, &ocsp_resp);

certs = SSL_get_peer_cert_chain(ssl);

if (!check_ocsp(ssl, certs, ocsp_resp)) {
     /* Error - OCSP cannot be verified */
     goto bail;
}

The specs (RFC 6960 and RFC 6066) are not clear on how a non-conforming 
OCSP response should be handled: by sending an alert and aborting the 
handshake, or by closing the connection after the handshake has 
successfully completed. Please correct me if I'm wrong here.

I'm currently doing the second one out of a purely technical lack of 
knowledge on how to do the first one, but I believe the first one would 
be cleaner.

Previously, I would register a callback function with 
X509_STORE_set_verify_cb() and perform the OCSP checking there. This 
worked for traditional OCSP (RFC 6960). However, it will not work for 
stapled OCSP, because that callback function is called after the 
certificates are read, but before the stapled OCSP is read.

I was wondering if a hook point exists that would allow me to do this 
just before ChangeCipherSpec is sent by the client, as, at that point, 
all the information should already be available.

TL;DR I want to hook at a point just before SSL_connect() returns.
