Implement verification of OCSP replies.

The OpenSSL code to do that is a nightmare.
Bernhard Amann 2014-05-16 10:29:37 -07:00
parent ccccda6da8
commit 55d0c6f7fa
4 changed files with 247 additions and 61 deletions


@ -3,5 +3,10 @@
event ssl_stapled_ocsp(c: connection, is_orig: bool, response: string)
{
local chain: vector of opaque of x509 = vector();
for ( i in c$ssl$cert_chain )
chain[i] = c$ssl$cert_chain[i]$x509$handle;
print is_orig, |response|;
print x509_ocsp_verify(chain, response, SSL::root_certs);
}
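Review bot: The loop in `ssl_stapled_ocsp` dereferences `c$ssl$cert_chain` and each entry's `$x509$handle` without checking that they are present. If those fields are optional in their records (the declarations are not visible in this hunk), a stapled response on a connection with no parsed certificate chain would abort the handler with a runtime error before `x509_ocsp_verify` is reached. I would guard the top of the handler with `if ( ! c$ssl?$cert_chain || |c$ssl$cert_chain| == 0 ) return;` and return early when an entry fails `c$ssl$cert_chain[i]?$x509`, so that a partial chain is never handed to the verifier as if it were complete. A one-line comment on the chain order the verifier expects (presumably host certificate first; confirm against the implementation) would also help, since the result is only printed here and nothing acts on a failed verification.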