Beefy Boxes and Bandwidth Generously Provided by pair Networks
"be consistent"

Re^2: OCSP for LWP::UserAgent

by ramabu (Initiate)
on Jun 06, 2018 at 06:08 UTC ( #1215988=note: print w/replies, xml ) Need Help??

in reply to Re: OCSP for LWP::UserAgent
in thread OCSP for LWP::UserAgent

This is definitely not what I asked for :-)

I want to do OCSP.
But if the HTTPS server doesn't staple a status response - then my only opportunity is during verify callback.
Even if it did - it would only be for the leaf certificate, and I am after good status throughout the chain.
However - I don't know how to recall the OCSP resolver of the underlying IO::Socket::SSL instance from within the callback.
That's my question

I did try to connect/disconnect the IP and port from the URL, and do the OCSP there, and only proceed to the actual request if this "tls-ocsp-ping" was successful.
However, this approach can have a performance impact, as the LWP::UserAgent with keepalive will not re-do a TLS handshake for every request (to same server).


Log In?

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://1215988]
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others scrutinizing the Monastery: (7)
As of 2020-08-12 09:35 GMT
Find Nodes?
    Voting Booth?
    Which rocket would you take to Mars?

    Results (65 votes). Check out past polls.