ERL-693: ssl: OCSP stapling (server side)

[OTP-Maintainer]

Original reporter: voltone
Affected version: OTP-21.0.2
Component: ssl
Migrated from: https://bugs.erlang.org/browse/ERL-693

---

I added server-side support for OCSP stapling in this branch:
https://github.com/voltone/otp/tree/ocsp_stapling

It is fairly minimalistic, on purpose: there is no support for OCSP request/response generation or parsing, only for the StatusRequest Hello extension and the CertificateStatus response message with an opaque payload. The idea is that the OCSP response can be obtained through a library or even some external process (though it would be nice to add at least the OCSP ASN.1 files to public_key, to simplify library development).

I wrote a blog post (Elixir-centric) on how I enabled it on my own server (the blog server itself):
https://blog.voltone.net/post/21

I'd be happy to create a pull request, or work on this more with the OTP team's guidance, as long as it is within my (limited) Erlang capabilities. Please let me know :)

[OTP-Maintainer]

ingela said:

This sounds interesting. We are interested in OCSP functionality but at the moment it is not very prioritized. Any PR adding OCSP functionallity must of course not take sort cuts and be usefull
in some way even if it is not complete. And of course there can be different PR for public_key parts and later ssl parts that use the public_key parts.