
This is pretty much a request for additional information on the question: OpenSSL certificate revocation check in client program using OCSP stapling

I want to know how OpenSSL actually handles an OCSP stapling response. My questions are:
1. Does OpenSSL check the signature and the issuer key/name hashes of the response?
2. Does the response include OCSP responses for the whole certificate chain? If so, is there a way to know that one of the validations has failed?
3. To sum up, can I simply rely on the 'Cert Status: good' field of the response? :)

My concern is that a hacker may craft an HTTPS server using a revoked (stolen) certificate but, during the handshake, provide a valid stapled OCSP response for a random website that was certified by the same CA issuer. Could OpenSSL handle such a situation?

The sample OCSP response can be found here https://www.feistyduck.com/library/openssl-cookbook/online/ch-testing-with-openssl.html#testing-ocsp-stapling

  • Stack Overflow is a site for programming and development questions. This question appears to be off-topic because it is not about programming or development. See [What topics can I ask about here](http://stackoverflow.com/help/on-topic) in the Help Center. Perhaps [Super User](http://superuser.com/) or [Information Security Stack Exchange](http://security.stackexchange.com/) would be a better place to ask. Also [Where do I post questions about Dev Ops?](http://meta.stackexchange.com/q/134306). – jww Apr 12 '16 at 23:23

1 Answer


The documentation for SSL_set_tlsext_status_type says the callback must determine if the OCSP response is acceptable.

That implies the OpenSSL library itself will not do any validation of the OCSP response. But it's open source, so we can look. See the OpenSSL source of s3_clnt.c on GitHub.

The library will validate that the message type is correct in the SSL handshake, and that the length is correct and the response is complete, but does not examine the contents at all.

The callback is called if one is set up using SSL_CTX_set_tlsext_status_cb, and the return code from the callback is the only thing used to either continue or abort the SSL handshake.

The response data will be the DER-encoded binary bytes of the OCSP response. OpenSSL provides functions to parse this value and examine its contents.

davenpcj