On Thu, Apr 11, 2019, at 15:49, erikssonfili...@gmail.com wrote:
> Using Go's standard TLS library this does not seem possible, as
> tls.Dial does not seem to do any OCSP checking. Another possible
> workaround would be to fetch the server certificate without
> performing a handshake, then check revocation status, and if status
> is OK, redo the handshake using tls.Dial, but I couldn't find a way
> to do it in Go.

You can use golang.org/x/crypto/ocsp [1] and create your own dialer which performs an OCSP request. You can also use this to parse any stapled responses which are returned by crypto/tls's OCSPResponse() method.

[1]: https://godoc.org/golang.org/x/crypto/ocsp

—Sam
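
The dialer suggested in the reply above, as an added example (not code from the thread or from the Go project): the check runs inside the handshake through tls.Config.VerifyConnection, so a failed check aborts the connection instead of requiring a second handshake. RevocationCheck, WithRevocationCheck and DialChecked are hypothetical names, Go 1.15 or later is assumed, and the OCSP parsing or fetching itself is left to a callback built on golang.org/x/crypto/ocsp.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"errors"
	"fmt"
)

// RevocationCheck is a hypothetical hook type (not part of crypto/tls). It gets
// the verified leaf, its issuer and the stapled OCSP response (nil if none); an
// implementation would use golang.org/x/crypto/ocsp to parse or fetch a response.
type RevocationCheck func(leaf, issuer *x509.Certificate, staple []byte) error

// WithRevocationCheck copies base and aborts the handshake unless check accepts.
func WithRevocationCheck(base *tls.Config, check RevocationCheck) *tls.Config {
	if base == nil {
		base = &tls.Config{}
	}
	cfg := base.Clone()
	prev := cfg.VerifyConnection // keep any hook the caller already installed
	cfg.VerifyConnection = func(cs tls.ConnectionState) error {
		if prev != nil {
			if err := prev(cs); err != nil {
				return err
			}
		}
		// Fail closed without a verified chain (e.g. InsecureSkipVerify is set).
		if len(cs.VerifiedChains) == 0 || len(cs.VerifiedChains[0]) < 2 {
			return errors.New("revocation check: no verified leaf/issuer pair")
		}
		leaf, issuer := cs.VerifiedChains[0][0], cs.VerifiedChains[0][1]
		if err := check(leaf, issuer, cs.OCSPResponse); err != nil {
			return fmt.Errorf("revocation check for %q: %w", leaf.Subject.CommonName, err)
		}
		return nil
	}
	return cfg
}

// DialChecked is tls.Dial with the hook installed (hypothetical helper name).
func DialChecked(network, addr string, base *tls.Config, check RevocationCheck) (*tls.Conn, error) {
	return tls.Dial(network, addr, WithRevocationCheck(base, check))
}

func main() { // constructed demo: an empty ConnectionState must be rejected
	cfg := WithRevocationCheck(nil, func(_, _ *x509.Certificate, _ []byte) error { return nil })
	fmt.Println(cfg.VerifyConnection(tls.ConnectionState{}))
}
```

A callback that treats a missing staple as an error gives must-staple behaviour; one that falls back to querying the responder listed in the leaf's OCSPServer field gives the online check the original question asked about.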