
Re: OCSP for LWP::UserAgent

by haj (Chaplain)
on Jun 05, 2018 at 19:40 UTC


in reply to OCSP for LWP::UserAgent

This isn't exactly what you asked for, but maybe an alternative approach: You should be able to use LWP::UserAgent with servers without OCSP stapling by passing the corresponding option like this:
$ua->ssl_opts( SSL_ocsp_mode => SSL_OCSP_NO_STAPLE );
(Combined from the documentation for IO::Socket::SSL and LWP::UserAgent)

Replies are listed 'Best First'.
Re^2: OCSP for LWP::UserAgent
by ramabu (Initiate) on Jun 06, 2018 at 06:08 UTC
    Thanks!
    This is definitely not what I asked for :-)

    I want to do OCSP.
    But if the HTTPS server doesn't staple a status response - then my only opportunity is during the verify callback.
    Even if it did - it would only be for the leaf certificate, and I am after good status throughout the chain.
    However - I don't know how to recall the OCSP resolver of the underlying IO::Socket::SSL instance from within the callback.
    That's my question.

    I did try to connect/disconnect the IP and port from the URL, and do the OCSP there, and only proceed to the actual request if this "tls-ocsp-ping" was successful.
    However, this approach can have a performance impact, as the LWP::UserAgent with keepalive will not re-do a TLS handshake for every request (to same server).

    rama
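
The connect-then-check approach described in the reply above, as an added sketch that is not part of the original thread: it opens a separate TLS connection with IO::Socket::SSL, runs the documented `ocsp_resolver` over the full chain, and only then issues the LWP request. The helper names `ocsp_preflight` and `get_with_ocsp` are hypothetical, and the URL is taken from the command line.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use IO::Socket::SSL;    # exports SSL_VERIFY_PEER, the SSL_OCSP_* flags and $SSL_ERROR
use LWP::UserAgent;
use URI;

# ocsp_preflight() is a hypothetical helper, not an LWP or IO::Socket::SSL API.
# Returns a false value when no OCSP error was found for the chain,
# otherwise a string describing the failure.
sub ocsp_preflight {
    my ($host, $port) = @_;
    my $sock = IO::Socket::SSL->new(
        PeerAddr        => "$host:$port",
        SSL_verify_mode => SSL_VERIFY_PEER,
        # FULL_CHAIN: check the intermediates as well as the leaf.
        # FAIL_HARD: a missing or unusable OCSP response counts as an error.
        SSL_ocsp_mode   => SSL_OCSP_FULL_CHAIN | SSL_OCSP_FAIL_HARD,
    ) or return "TLS connect failed: " . ($SSL_ERROR || $!);

    # The resolver builds OCSP requests for the certificates of this
    # connection; resolve_blocking() sends them using HTTP::Tiny.
    my $resolver = $sock->ocsp_resolver;
    my $errors   = $resolver->resolve_blocking();
    close($sock);
    return $errors;
}

# Run the preflight for the URL's host and port, then do the real request.
sub get_with_ocsp {
    my ($ua, $url) = @_;
    my $uri = URI->new($url);
    die "https URL required\n" unless ($uri->scheme // '') eq 'https';
    if (my $err = ocsp_preflight($uri->host, $uri->port)) {
        die "OCSP check failed for " . $uri->host_port . ": $err\n";
    }
    return $ua->get($url);
}

# Only touches the network when a URL is given on the command line.
if (@ARGV) {
    my $ua  = LWP::UserAgent->new(keep_alive => 1);
    my $res = get_with_ocsp($ua, $ARGV[0]);
    print $res->status_line, "\n";
}
```

The check runs on its own connection, so it vouches for the chain presented during the preflight handshake, not for the connection LWP opens or reuses afterwards.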
