Anonymous Monk has asked for the wisdom of the Perl Monks concerning the following question:
This question is regarding IO::Socket::SSL/Net:SSLeay and LWP::UserAgent.
To check certificate revocation status with OCSP, one needs to explicitly call the ocsp_resolver of the socket, e.g. resolve_blocking().
That's the strategy I use in Net::LDAP.
But in LWP::UserAgent, the connection is a "private", cached member of the object.
My question is - Can I obtain a socket reference from within a verify callback? E.g. the 2nd arg of the callback?
If yes, then -
o Can I conduct blocking OCSP at that point?
If not, then -
o How to invoke "ocsp_resolver"?
I need this in order to check the certificate status of non-stapling Web servers, or of an upper-chain certificate (normally not stapled)
I truly hope my question is clear
And thank you for being one of the purest form of Human Genius and Generosity :-)