ERL-693: ssl: OCSP stapling (server side) #3875

Open
OTP-Maintainer opened this issue Aug 6, 2018 · 1 comment
Labels
enhancement priority:low stalled waiting for input by the Erlang/OTP team team:PS Assigned to OTP team PS

Comments

@OTP-Maintainer

Original reporter: voltone
Affected version: OTP-21.0.2
Component: ssl
Migrated from: https://bugs.erlang.org/browse/ERL-693


I added server-side support for OCSP stapling in this branch:
https://github.com/voltone/otp/tree/ocsp_stapling

It is fairly minimalistic, on purpose: there is no support for OCSP request/response generation or parsing, only for the StatusRequest Hello extension and the CertificateStatus response message with an opaque payload. The idea is that the OCSP response can be obtained through a library or even some external process (though it would be nice to add at least the OCSP ASN.1 files to public_key, to simplify library development).

I wrote a blog post (Elixir-centric) on how I enabled it on my own server (the blog server itself):
https://blog.voltone.net/post/21

I'd be happy to create a pull request, or work on this more with the OTP team's guidance, as long as it is within my (limited) Erlang capabilities. Please let me know :)
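
The wire framing of the two messages named in the comment above (RFC 6066, as used up to TLS 1.2), as an added example that is not part of the issue or of the linked branch. The module and function names are hypothetical, and the OCSP response is treated as an opaque binary obtained elsewhere.

```erlang
-module(ocsp_staple_example).
-export([decode_status_request/1, encode_certificate_status/1, demo/0]).

-define(STATUS_TYPE_OCSP, 1).        % CertificateStatusType ocsp(1), RFC 6066
-define(HS_CERTIFICATE_STATUS, 22).  % HandshakeType certificate_status(22)

%% Decode the extension_data of a ClientHello status_request extension
%% (extension type 5): status_type, responder_id_list<0..2^16-1>,
%% request_extensions<0..2^16-1>. Truncated input, a bad length prefix or
%% trailing bytes are rejected as malformed.
decode_status_request(<<?STATUS_TYPE_OCSP, IdsLen:16, Ids:IdsLen/binary,
                        ExtLen:16, Exts:ExtLen/binary>>) ->
    case responder_ids(Ids, []) of
        {ok, List} -> {ok, #{responder_ids => List, request_extensions => Exts}};
        error -> {error, malformed}
    end;
decode_status_request(<<Type, _/binary>>) when Type =/= ?STATUS_TYPE_OCSP ->
    {error, {unsupported_status_type, Type}};
decode_status_request(_) ->
    {error, malformed}.

%% Each ResponderID is opaque<1..2^16-1>, so a zero-length entry is invalid.
responder_ids(<<>>, Acc) ->
    {ok, lists:reverse(Acc)};
responder_ids(<<Len:16, Id:Len/binary, Rest/binary>>, Acc) when Len > 0 ->
    responder_ids(Rest, [Id | Acc]);
responder_ids(_, _) ->
    error.

%% Wrap an already DER-encoded OCSPResponse, treated as an opaque payload,
%% in a CertificateStatus handshake message. Only send it when the client
%% offered status_request; the payload is never parsed here.
encode_certificate_status(OcspResponse)
  when is_binary(OcspResponse), byte_size(OcspResponse) > 0,
       byte_size(OcspResponse) =< 16#FFFFFF - 4 ->
    Len = byte_size(OcspResponse),
    Body = <<?STATUS_TYPE_OCSP, Len:24, OcspResponse/binary>>,
    <<?HS_CERTIFICATE_STATUS, (byte_size(Body)):24, Body/binary>>.

demo() ->
    %% Constructed inputs: the common empty request, then a bad length prefix
    {ok, #{responder_ids := []}} = decode_status_request(<<1, 0:16, 0:16>>),
    {error, malformed} = decode_status_request(<<1, 0:16, 5:16, 0>>),
    Staple = <<"constructed-placeholder-not-real-DER">>,
    <<22, BodyLen:24, 1, Len:24, Payload/binary>> =
        encode_certificate_status(Staple),
    true = (Len =:= byte_size(Staple)) andalso (BodyLen =:= Len + 4)
        andalso (Payload =:= Staple),
    ok.
```
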
@OTP-Maintainer

ingela said:

This sounds interesting. We are interested in OCSP functionality but at the moment it is not very prioritized. Any PR adding OCSP functionality must of course not take shortcuts and be useful in some way even if it is not complete. And of course there can be different PRs for public_key parts and later ssl parts that use the public_key parts.

@u3s u3s self-assigned this Nov 9, 2022
@u3s u3s added stalled waiting for input by the Erlang/OTP team and removed in progress labels Mar 29, 2023