On Mon, Apr 13, 2009, Rene Hollan wrote: > What, if any, support is there in openssl to support OCSP stapling? > > I have code that does an OCSP check for received certs, but obviously > want to "play nice" and make use of any stapled OCSP response first, >
It is supported in the latest versions of OpenSSL. The s_server utility supports it in a minimal way. There is a patch to mod_ssl which is a more realistic implementation including OCSP response caching and expiry. The s_client utility also includes an example. Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Homepage: http://www.drh-consultancy.demon.co.uk ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
