[gnutls-devel] GnuTLS | Please add new function gnutls_ocsp_resp_set_single() to allow building an OCSP responder (#804)

Development of GNU's TLS library gnutls-devel at lists.gnutls.org
Wed Jul 17 17:15:33 CEST 2019



Tim Rühsen created an issue:


Looking at https://www.gnutls.org/manual/html_node/OCSP-certificate-status-checking.html, a function to generate OCSP responses (or fill the response structure with values) seems to be missing.

It would be very nice to have a pure GnuTLS OCSP responder for the GNU Wget2 test suite. Currently we manually start the 'openssl ocsp' tool and save the OCSP response to disk for later use. This adds OpenSSL as a maintainer dependency and is clumsy - not to mention the time values in the response becoming outdated.

What we basically need is
```
int gnutls_ocsp_resp_set_single (gnutls_ocsp_resp_t resp,
                                 unsigned indx,
                                 gnutls_digest_algorithm_t digest,
                                 gnutls_datum_t * issuer_name_hash,
                                 gnutls_datum_t * issuer_key_hash,
                                 gnutls_datum_t * serial_number,
                                 unsigned int cert_status,
                                 time_t this_update,
                                 time_t next_update,
                                 time_t revocation_time,
                                 unsigned int revocation_reason)
```
plus an example. (Don't nail me for the details of such a function).

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/804

