Re: Example of a client that doesn't attempt to contact OCSP Responder
After discussing with the team, I’ve realized that my understanding of the NO_WOLFSSL_SERVER/CLIENT defines was incomplete. The ability to enable/disable the client/server options was put in the library a while back to reduce the memory footprint, but not every feature we’ve introduced since then is specifically designed to work with those options. While wolfSSL has added SOME client/server side considerations to the OCSP stapling design at the behest of customers and under a “feature request” agreement, OCSP stapling in its entirety has not been wholly designed for use without the client or server. The original OCSP stapling design was done with the assumption that users of it would be building the full library, not just client or server, and we will continue to expand on that design on a per-customer basis. wolfSSL is capable and, of course, changing it so you can build just client or server with OCSP stapling is possible (as I’ve started to do with my changes). Can you tell us a bit about your need for NO_WOLFSSL_SERVER/CLIENT? Are you exceeding memory requirements that you have? I think some context here will help us figure out a path forward.
EDIT: For what it's worth, I'll have changes on my PR up this evening that should fix the issue with building a server with NO_WOLFSSL_CLIENT defined. The above paragraph is relevant for going forward, especially if it turns out that even more changes are required to get OCSP stapling working perfectly with these defines.