Posted to dev@serf.apache.org by br...@apache.org on 2016/12/05 10:30:12 UTC
svn commit: r1772627 - /serf/branches/ocsp-verification/BRANCH-README
Author: brane
Date: Mon Dec 5 10:30:12 2016
New Revision: 1772627
URL: http://svn.apache.org/viewvc?rev=1772627&view=rev
Log:
On the ocsp-verification branch: Add branch docs.
* BRANCH-README: New file.
Added:
serf/branches/ocsp-verification/BRANCH-README (with props)
Added: serf/branches/ocsp-verification/BRANCH-README
URL: http://svn.apache.org/viewvc/serf/branches/ocsp-verification/BRANCH-README?rev=1772627&view=auto
==============================================================================
--- serf/branches/ocsp-verification/BRANCH-README (added)
+++ serf/branches/ocsp-verification/BRANCH-README Mon Dec 5 10:30:12 2016
@@ -0,0 +1,52 @@
+Support for OCSP Verification in Serf
+=====================================
+
+Serf trunk currently supports OCSP stapling for verifying server
+certificates. The purpose of this branch is to add minimal support
+for issuing OCSP requests to responders from the client application.
+
+The idea is that the application decides when and where to send OCSP
+requests and how to verify responses, and Serf provides some basic
+utility functions for constructing the requests and parsing the
+responses.
+
+These are the proposed changes:
+
+1. serf_ssl_cert_certificate()
+
+ Extract the OCSP responder URL from the certificate's x509v3
+ extension field authorityInfoAccess:OCSP;URI and, if it is
+ present, insert it into the returned hash table with key
+ "ocsp.uri".
+
+2. serf_ssl_cert_import()
+
+ Add new function that is the inverse of serf_ssl_cert_export():
+
+ serf_ssl_certificate_t *serf_ssl_cert_import(
+ const char *encoded_cert,
+ apr_pool_t *pool);
+
+ Imports certificate from a base64-encoded, zero-terminated
+ string. The returned certificate is allocated in @a pool.
+ Returns NULL on failure.
+
+3. serf_ocsp_request_setup()
+
+ Add a new function that can be used from within a request setup
+ handler to create an OCSP request bucket:
+
+ apr_status_t serf_ocsp_request_setup(
+ serf_request_t *request,
+ const serf_ssl_certificate_t *server_cert,
+ const serf_ssl_certificate_t *issuer_cert,
+ serf_bucket_t **req_bkt,
+ apr_pool_t *pool);
+
+ Constructs an OCSP verification request for @a server_cert
+ with issuer certificate @a issuer_cert and sets the required
+ headers on @a request, returning the request bucket @a req_bkt.
+
+4. serf_ocsp_response_parse()
+
+ TBD: Parse an OCSP response.
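Review bot: item 4 (serf_ocsp_response_parse) is still TBD while the introduction leaves "how to verify responses" to the application, so the README never says which side checks the response signature, the responder certificate's authorization by the issuer, the thisUpdate/nextUpdate window, and that the returned CertID matches the one built in serf_ocsp_request_setup(). Please state that split explicitly, even as a placeholder, since a parse function that returns a status without those checks would be easy to mistake for a verification result. Two smaller points: item 1 should say which URI ends up under "ocsp.uri" when authorityInfoAccess lists more than one OCSP responder, and item 3 should document the failure return values and whether the request carries a nonce.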
Propchange: serf/branches/ocsp-verification/BRANCH-README
------------------------------------------------------------------------------
svn:eol-style = native