Anonymous Monk has asked for the wisdom of the Perl Monks concerning the following question:


This question is regarding IO::Socket::SSL/Net:SSLeay and LWP::UserAgent.
To check certificate revocation status with OCSP, one needs to explicitly call the ocsp_resolver of the socket, e.g. resolve_blocking().
That's the strategy I use in Net::LDAP.

But in LWP::UserAgent, the connection is a "private", cached member of the object.

My question is - Can I obtain a socket reference from within a verify callback? E.g. the 2nd arg of the callback?
If yes, then -
o Can I conduct blocking OCSP at that point?
If not, then -
o How to invoke "ocsp_resolver"?
I need this in order to check the certificate status of non-stapling Web servers, or of an upper-chain certificate (normally not stapled)

I truly hope my question is clear

And thank you for being one of the purest form of Human Genius and Generosity :-)