wget-dev

wget2 | OpenSSL: OCSP support (!468)


From: Ander Juaristi
Subject: wget2 | OpenSSL: OCSP support (!468)
Date: Sun, 29 Mar 2020 16:08:04 +0000


Ander Juaristi created a merge request: 
https://gitlab.com/gnuwget/wget2/-/merge_requests/468

Branches: wget2-openssl to master
Author:    Ander Juaristi



Here comes, finally, the OCSP implementation with the OpenSSL backend.

This MR implements the following features:

 * OCSP
 * TLS stats from the OpenSSL backend

I had to re-generate the whole cert chain and add the `serverAuth` flag to the 
OCSP certificates of the test suite. This is so because the same cert chain is 
used for the OCSP server and the HTTPS server in the `test-ocsp-server` test 
(the test spawns those two servers). OpenSSL will reject HTTPS certificates 
that don't have the `serverAuth` flag, whereas GnuTLS doesn't seem to care, at 
least by default. With this change, both test suites (OpenSSL and GnuTLS) pass 
for me.

The major missing part is OCSP stapling and as such, this MR skips the OCSP 
stapling tests for the OpenSSL backend. My intention is to close #475 with this 
MR, and open a new one to track that. I am currently working on OCSP stapling 
in OpenSSL but there are some issues that prevent me from getting it to work. I 
hope I'll solve them soon. In the meantime, I thought it'd be better to close 
the previous MR (!460) and open a new one, because I was falling too much 
behind the master branch, and these features are ready to be merged from my 
point of view.

There are also some untested features (for both backends - OpenSSL and GnuTLS). 
I'll open new issues for those as well.

Missing features:

 * OCSP stapling (`status_request` extension, RFC 6066).

### Approver's checklist:

* [ ] The author has submitted the FSF Copyright Assignment and is listed in 
AUTHORS
* [ ] There is a test suite reasonably covering new functionality or 
modifications
* [ ] Function naming, parameters, return values, types, etc., are consistent 
with existing code
* [ ] This feature/change has adequate documentation added (if appropriate)
* [ ] No obvious mistakes / misspelling in the code

-- 
Reply to this email directly or view it on GitLab: 
https://gitlab.com/gnuwget/wget2/-/merge_requests/468