httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Joe Orton <>
Subject mod_ssl OCSP questions
Date Thu, 29 Nov 2007 20:35:11 GMT
Taking this discussion out of bugzilla.  As implemented currently the 
OCSP validation is working like this:

1) trusted store T initialized with root certs configured via SSLCA*
2) foreach cert in chain from (root...client certificate):
   a) verify cert is signed by trusted cert (or, is transitively so)
   b) if so, perform OCSP validation on cert as follows:
     i) pick a responder, exchange OCSP messages
     ii) verify signature of OCSP response against certs in trusted 
         store T

I'm not familiar with how OCSP is typically deployed; my questions are:

a) is it acceptable to assume that the same set of trusted certs is used 
to verify the signature of the OCSP response as is used to verify the 
client cert itself?  Or do these need to be separately configurable?

b) does it really make sense to be doing OCSP validation individually on 
each cert in the peer's cert chain?  Marc mentioned an issue with a 
compromised intermediary cert; but I want to be sure I understand this 
properly.  Can someone explain the exact threat model which checking the 
whole chain would be necessary for?

c) Steve mentioned some responders don't accept requests with nonces.  
What is a sane default?  Send nonces (more secure), or not (better 
interop).  From reading the RFC it looks like mod_ssl should also be 
checking the validity times from the OCSP response, which would help, I 



View raw message