<![CDATA[wolfSSL - Embedded SSL Library — OCSP Stapling]]> https://www.wolfssl.com/forums/topic2156-ocsp-stapling.html Wed, 04 Sep 2024 08:48:22 +0000 PunBB <![CDATA[Re: OCSP Stapling]]> https://www.wolfssl.com/forums/post7829.html#p7829 Hello,

You can add a custom OCSP answer by specifying a custom OCSP lookup callback with `wolfSSL_CTX_SetOCSP_Cb`.
The custom callback can analyze the URL and the request and provide a custom OCSP response.
For example to provide always the same ocsp response you can use:

```
uint8_t static_ocsp_response[] = { /* OCSP response bytes */ };
int ocsp_response_cb(void* Ioctx, const char* url, int urlSz,
              unsigned char* req, int reqSize, unsigned char**resp)
{
    *resp = static_ocsp_response;
    return sizeof(static_ocsp_response);
}

```

I attached a small PoC on how to use the custom cb to provide a static ocsp response.

Regards,
Marco

]]> Wed, 04 Sep 2024 08:48:22 +0000 https://www.wolfssl.com/forums/post7829.html#p7829 <![CDATA[OCSP Stapling]]> https://www.wolfssl.com/forums/post7804.html#p7804 Hello,
I am trying to setup a POC using OCSP stapling feature implemented in WolfSSL lib
The client has to check the validity of server certificate, then the server has to attach with its certificate the OCSP response.
I don’t want specify an URL for OCSP responder because I want to simulate the OCSP answer and so manage that directly into the server’s code.
To do that I am looking the APIs to use on server side to upload the simulated OCSP answer into the SSL session.
I didn’t find any APIs in API index neither in “OCSP Support web page”
Do you have any idea/recommendation to implement that …
By advance thanks

]]> Tue, 20 Aug 2024 08:47:01 +0000 https://www.wolfssl.com/forums/post7804.html#p7804