Re: wget2 | OpenSSL OCSP: Do not contact OCSP responder if stapled OCSP
From: Ander Juaristi (@juaristi)
Subject: Re: wget2 | OpenSSL OCSP: Do not contact OCSP responder if stapled OCSP response is available (#578)
Date: Wed, 19 Jan 2022 16:03:43 +0000
Ander Juaristi commented:
Hi @rockdaboot, thanks for bringing this up. I was totally aware of this and
even tried to fix it one day, but couldn't.
We currently contact OCSP responders on the certificate callback:
`X509_STORE_CTX_set_verify_cb`. And the stapled OCSP is of course checked at
the stapled OCSP callback: `SSL_CTX_set_tlsext_status_cb`. The problem is that
for most servers the `Certificate` message comes before the `CertificateStatus`
message (this is the stapled OCSP), and OpenSSL calls the callbacks as it sees
the messages. Hence, the certificate callback gets called before the stapled
OCSP callback, and that causes the OCSP requests to be sent.
I have always thought the whole cert chain should be completely validated
before the handshake finishes (read: before `SSL_do_handshake` returns). So
ideally, we should contact OCSP at some point after the `Certificate` and
`CertificateStatus` have been processed (at this point we should also know the
whole cert chain), but before the handshake is finished. I remember one day I
was looking at other hooks in OpenSSL that would allow me to inject my code
somewhere at that point, but unfortunately found none. If what I'm thinking
can't be reliably done, I guess we should just wait for the handshake to
complete normally, then check OCSP (if needed), and close the connection if we
can't verify.
--
Reply to this email directly or view it on GitLab:
https://gitlab.com/gnuwget/wget2/-/issues/578#note_815432634
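The callback ordering described in the comment, as an added example that is not wget2's or OpenSSL's code: a plain C simulation of the handshake message sequence in which `cert_callback` stands in for the `X509_STORE_CTX_set_verify_cb` hook and `status_callback` for the `SSL_CTX_set_tlsext_status_cb` hook. It contrasts the current "eager" behaviour (query the responder from the certificate callback) with the deferred check the comment proposes (wait for the handshake to complete, then check OCSP only if no stapled response was seen, and close the connection if the status cannot be verified). The message order, the stapled-response verdicts and the responder verdicts are constructed inputs; no network or TLS library is involved.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Only the handshake messages the callback ordering depends on are modelled. */
enum hs_msg { HS_CERTIFICATE, HS_CERTIFICATE_STATUS, HS_FINISHED };

/* EAGER: contact the OCSP responder from the certificate callback.
 * DEFERRED: decide only after the handshake, once both messages are known. */
enum policy { POLICY_EAGER, POLICY_DEFERRED };

struct conn {
    enum policy policy;
    bool stapled_present;   /* constructed: server sends CertificateStatus */
    bool stapled_good;      /* constructed: verdict of the stapled response */
    bool responder_good;    /* constructed: verdict a live responder would give */
    bool cert_seen;
    bool stapled_seen;
    int responder_requests; /* network round trips made to the OCSP responder */
    bool verified;
    bool closed;
};

/* Stand-in for the certificate verify callback (X509_STORE_CTX_set_verify_cb). */
static void cert_callback(struct conn *c)
{
    c->cert_seen = true;
    if (c->policy == POLICY_EAGER && !c->stapled_seen) {
        /* Certificate arrives before CertificateStatus, so at this point the
         * stapled response is unknown and the responder is contacted anyway. */
        c->responder_requests++;
        c->verified = c->responder_good;
    }
}

/* Stand-in for the stapled-status callback (SSL_CTX_set_tlsext_status_cb). */
static void status_callback(struct conn *c)
{
    c->stapled_seen = true;
    if (c->policy == POLICY_EAGER)
        c->verified = c->verified && c->stapled_good;
}

/* Runs once the handshake has completed (after SSL_do_handshake would return).
 * This is the deferred OCSP check the comment proposes. */
static void after_handshake(struct conn *c)
{
    if (c->policy == POLICY_DEFERRED) {
        if (c->stapled_seen)
            c->verified = c->stapled_good;   /* staple is authoritative */
        else {
            c->responder_requests++;         /* no staple: ask the responder */
            c->verified = c->responder_good;
        }
    }
    if (!c->verified)
        c->closed = true;                    /* cannot verify: drop the connection */
}

struct conn run_handshake(enum policy p, bool stapled_present,
                          bool stapled_good, bool responder_good)
{
    struct conn c = { .policy = p, .stapled_present = stapled_present,
                      .stapled_good = stapled_good, .responder_good = responder_good };
    /* Most servers send Certificate before CertificateStatus, and each callback
     * fires as the corresponding message is parsed. */
    const enum hs_msg order[] = { HS_CERTIFICATE, HS_CERTIFICATE_STATUS, HS_FINISHED };
    for (size_t i = 0; i < sizeof order / sizeof order[0]; i++) {
        switch (order[i]) {
        case HS_CERTIFICATE:        cert_callback(&c); break;
        case HS_CERTIFICATE_STATUS: if (c.stapled_present) status_callback(&c); break;
        case HS_FINISHED:           after_handshake(&c); break;
        }
    }
    return c;
}

int main(void)
{
    const char *names[] = { "eager", "deferred" };
    for (int p = POLICY_EAGER; p <= POLICY_DEFERRED; p++) {
        struct conn good = run_handshake(p, true, true, true);
        struct conn none = run_handshake(p, false, false, true);
        struct conn bad  = run_handshake(p, true, false, true);
        printf("%-8s staple ok: %d requests, verified=%d closed=%d\n",
               names[p], good.responder_requests, good.verified, good.closed);
        printf("%-8s no staple: %d requests, verified=%d closed=%d\n",
               names[p], none.responder_requests, none.verified, none.closed);
        printf("%-8s staple revoked: %d requests, verified=%d closed=%d\n",
               names[p], bad.responder_requests, bad.verified, bad.closed);
    }
    return 0;
}
```

With a valid stapled response the eager policy still makes one responder request because the certificate callback cannot yet know a staple is coming, while the deferred policy makes none; without a staple both policies make exactly one request, and a revoked staple closes the connection under either policy.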