Feature request: add something similar to cURL's --cert-status #287

Open
Seirdy opened this issue Oct 5, 2022 · 2 comments


Seirdy commented Oct 5, 2022

cURL has the ability to require and verify OCSP stapled responses with the --cert-status option. Having this feature available in xh would make it great for testing both the HTTPS and TLS setup of a server with a single request.

A similar but far more cumbersome option is the --crlfile option; stapling is a much simpler approach, IMO.

ducaale (Owner) commented Oct 31, 2022

The default TLS library that we are using (i.e. rustls) doesn't support client-side OCSP stapling yet; see rustls/rustls#31. I also haven't figured out yet how to do OCSP in native-tls, so any help would be greatly appreciated!

> A similar but far more cumbersome option is the --crlfile option; stapling is a much simpler approach, IMO.

It looks like some clients have deprecated this in favour of OCSP stapling, so let's focus on the latter one.

ducaale (Owner) commented Mar 30, 2023

Note to self: Check if https://github.com/rustls/rustls-platform-verifier can be used to check certificate revocation via OCSP and CRLs.
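
The stapling check requested in the first comment can be approximated outside xh by classifying the OCSP section that `openssl s_client -status` prints. The following is an added example, not part of the thread and not xh or cURL code; the function name `staple_status` and the sample transcripts are constructed for illustration.

```shell
# Added example: classify the stapled OCSP response in the output of
#   openssl s_client -connect HOST:443 -servername HOST -status </dev/null
# Reads the transcript on stdin and prints exactly one verdict:
#   good | revoked | unknown | missing
# "missing" is the case curl --cert-status rejects: no staple was sent.
staple_status() {
    awk '
        # Server sent no staple at all.
        /OCSP response: no response sent/ { print "missing"; done = 1; exit }
        # Responder-level failure (tryLater, unauthorized, ...): staple unusable.
        /OCSP Response Status:/ && $0 !~ /successful/ { print "unknown"; done = 1; exit }
        # Per-certificate status inside a successful response.
        /Cert Status:/ {
            v = $3
            if (v != "good" && v != "revoked") v = "unknown"
            print v; done = 1; exit
        }
        END { if (!done) print "missing" }
    '
}

# Constructed sample transcripts (trimmed), following the openssl layout.
SAMPLE_STAPLED='CONNECTED(00000003)
OCSP response:
======================================
OCSP Response Data:
    OCSP Response Status: successful (0x0)
    Response Type: Basic OCSP Response
    Cert Status: good
    This Update: Jan  1 00:00:00 2024 GMT
    Next Update: Jan  8 00:00:00 2024 GMT'

SAMPLE_REVOKED='OCSP response:
======================================
OCSP Response Data:
    OCSP Response Status: successful (0x0)
    Cert Status: revoked
    Revocation Time: Jan  2 00:00:00 2024 GMT'

SAMPLE_NONE='CONNECTED(00000003)
OCSP response: no response sent'

# Demonstration on the constructed samples.
for s in "$SAMPLE_STAPLED" "$SAMPLE_REVOKED" "$SAMPLE_NONE"; do
    printf '%s\n' "$s" | staple_status
done
```

This only reads the status fields openssl reports; it does not itself verify the responder's signature or the validity window of the response.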
