Stapled OCSP responses for intermediate certs

Akshath Hegde arhsagar at
Mon Mar 6 16:35:15 UTC 2023

Hi Benjamin,
Thanks a lot for the information. I'm trying out
SSL_CTX_set_msg_callback() now. Are there any parsers available for
extracting contents of Certificate message?. I have been searching and I
could see them for ClientHello but not the others.


On Fri, Mar 3, 2023 at 6:08 AM Benjamin Kaduk <bkaduk at> wrote:

> I don't know about (1) offhand, but (inline)
> On Thu, Mar 02, 2023 at 05:25:48PM +0530, Akshath Hegde wrote:
> >    Hi,
> >    I had few questions about OCSP stapling for intermediate certificates.
> >    On the client side I'm adding  "certificate status request" extension
> to
> >    ClientHello message. For server, Im using an apache httpd server
> which has
> >    OCSP responder details configured in ssl module. THe negotiated TLS
> >    version is 1.3
> >    1)The server has a multi tier cert chain. But it seems to be sending
> the
> >    OCSP response for only the end entity certificate. Apache
> documentation
> >    seems to suggest this is expected and multi-stapling is not
> supported. Is
> >    anyone aware of a http server that supports multi-stapling?
> >    2)On the client side, I'm registering for the OCSP response callback
> with
> >    SSL_CTX_set_tlsext_status_cb.
> >    In case of a multi tiered cert chain and OCSP response for each cert,
> is
> >    this callback called once for each response?, or only one time?
> >    If its called only only one time, how are the responses accessed?
> >    SSL_get_tlsext_status_ocsp_response -> seems to return only one OCSP
> >    response.
> >    And I haven't been able to try tis for the lack of multi-stapling
> support
> >    in http server
> It looks like it is just called once at the end of processing the server's
> first flight.
> The API was clearly designed prior to TLS 1.3 and not modernized as part
> of the TLS 1.3 implementation;
> the updates were pretty minimal (see commit
> 7776a36cfa5853175a858fa32983f22f36513171 that just generalizes
> from "process ServerDone" to "process server's first flight").
> For TLS 1.3 you only get the response for the end-entity certificate; we
> specifically ignore the extension for other certificates in the chain.
> >    3)The OCSP response callback seems to be called after the cert chain
> >    verification callback has ended. Is there any reason for this?. The
> >    authenticity of OCSP response is established by a different chain
> >    response -> CA that signed cert), and doesn't need to wait for the
> server
> >    end entity verification?. So instead of CRL, OCSP could have been used
> >    during cert chain verification
> I did not specifically go dig into the VCS history, but in general
> OpenSSL's
> callback interfaces are not part of a intentional wholistic design; most
> were
> added as one-offs to meet a specific purpose and they often can interact
> with
> each other in quite unfortunate ways.  On the server side, many of the
> callbacks are mostly superseded by the "client hello callback" that runs
> very
> early and has well-defined interactions with other callbacks (and can act
> before libssl has started processing anything), at the cost of needing to
> do
> more parsing of the data by hand.  That doesn't help you here, of course;
> if
> you need to see all the OCSP responses you will probably need to use a
> message
> callback (SSL_CTX_set_msg_callback()) in order to get access to the
> multi-staple.
> -Ben
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the openssl-users mailing list