Re: Callback functions higher up in the stack than X509_STORE_set_verify_cb?

2020-08-04 Thread Viktor Dukhovni
On Tue, Aug 04, 2020 at 10:25:44AM +0200, Ander Juaristi wrote:
> /* Check the OCSP response here */
> ocsp_stap_length = SSL_get_tlsext_status_ocsp_resp(ssl, &ocsp_resp);
>
> certs = SSL_get_peer_cert_chain(ssl);

Side comment, if you end up sticking with post-handshake validation you probably w

Callback functions higher up in the stack than X509_STORE_set_verify_cb?

2020-08-04 Thread Ander Juaristi
Hi list,

I'm implementing OCSP stapling for wget2 with OpenSSL. And I was wondering if there's a better way. The way I'm doing this currently is by letting the handshake complete normally and checking the received OCSP responses (stapled or not) at the end. Then, if OCSP does not verify, I clos