New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
ocsp proxy support feature request #6965
Comments
Ping. Can you please confirm that 'ocsp' module cannot work behind a proxy, and if so, maybe see about prioritising this feature request (if possible at all)? |
@DDvO is this somehow handled already in your http client improvements in the current master? |
So far I was not aware of this FR; thanks @t8m for pointing me to it. I've added proxy support to the OpenSSL crypto lib already 1.5 years ago in PR #10667 (commit 29f178b). Yet I wonder if this FR makes sense for the |
I just added explicit HTTP(S) proxy support to the OCSP client part of the |
Strongly related to feature request openssl#6965
@plaintextcity, @ounsworth, @THausherr, @DanielOatAWS, and @drwetter, did #15245 solve the issue for you? |
To me it seems so. Thanks! |
I can't comment, I'm not sure why I bookmarked this. Most likely I had to troubleshoot some https connection at work years ago. |
Thanks anyway for letting us know. |
@DDvO Neat, I had forgotten about this thread. If I remember correctly, at the time I was fuzz testing an OCSP server and I was looking for an easy way to capture valid OCSP requests in a proxy like Burp or OWASP ZAP so that I could then inject broken ASN.1. I would be happy to test this, but I've never done openssl dev before, so I'll need instructions for getting the nightly build or building your dev branch. |
Interesting use case.
Thanks @ounsworth for offering to test this. |
I am closing this. A new issue can be opened if there is still anything missing with the proxy support in ocsp. |
Strongly related to feature request openssl#6965 Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from openssl#15245)
Proxy support in s_client is a welcome addition and helpful for troubleshooting. In order to troubleshoot connection issues (walking through Ivan Ristic's OpenSSL Cookbook "Testing with OpenSSL") it would be helpful to have the equivalent -proxy support from s_client in ocsp.
The text was updated successfully, but these errors were encountered: