Re: OCSP for LWP::UserAgent

This isn't exactly what you asked for, but maybe an alternative approach: You should be able to use LWP::UserAgent with servers without OCSP stapling by passing the corresponding option like this:

$ua->ssl_opts( SSL_ocsp_mode => SSL_OCSP_NO_STAPLE );
[download]

(Combined from the documentation for IO::Socket::SSL and LWP::UserAgent)

Comment on Re: OCSP for LWP::UserAgent Download Code

Replies are listed 'Best First'.
Re^2: OCSP for LWP::UserAgent by ramabu (Initiate) on Jun 06, 2018 at 06:08 UTC
Thanks! This is definitely not what I asked for :-) I want to do OCSP. But if the HTTPS server doesn't staple a status response - then my only opportunity is during verify callback. Even if it did - it would only be for the leaf certificate, and I am after good status throughout the chain. However - I don't know how to recall the OCSP resolver of the underlying IO::Socket::SSL instance from within the callback. That's my question I did try to connect/disconnect the IP and port from the URL, and do the OCSP there, and only proceed to the actual request if this "tls-ocsp-ping" was successful. However, this approach can have a performance impact, as the LWP::UserAgent with keepalive will not re-do a TLS handshake for every request (to same server). rama	[reply]

Replies are listed 'Best First'.

Re^2: OCSP for LWP::UserAgent
by ramabu (Initiate) on Jun 06, 2018 at 06:08 UTC

not

[reply]