Reputation: 55
There is an OCSP Responder to which the server will communicate and staple the response. How can the client check for the stapled response in C# or Java? Bouncy Castle, Chilkat, native lib - they all seem to have ways for the client to talk to the OCSP responder but not to read the stapled response.
Upvotes: 0
Views: 998
Reputation: 432
As you already mentioned correctly, stapling is done during the handshake. I only know how to do this in the C# port of Bouncy Castle, since I'm implementing a PKIX crypto component based on BC, which also considers OCSP and which simplifies the BC calls dramatically (I will report it here when I'm ready to publish an alpha version, will most likely be open source).
First of all, according to RFC6066, stapling responses are only sent if you ask for them in the Client-Hello. To enable this, you have to override GetClientExtensions of your TlsClient (e.g. when you inherit from DefaultTlsClient):
using System.Collections; // IDictionary (non-generic) is what the legacy BC TLS API uses
using BouncyTls = Org.BouncyCastle.Crypto.Tls;
...
public override IDictionary GetClientExtensions() // Override in your TlsClient class
{
    IDictionary clientExtensions = base.GetClientExtensions();
    clientExtensions = BouncyTls.TlsExtensionsUtilities.EnsureExtensionsInitialised(clientExtensions);
    // Ask for an OCSP status_request (RFC 6066, section 8) with no responder IDs or request extensions
    byte type = BouncyTls.CertificateStatusType.ocsp;
    var request = new BouncyTls.OcspStatusRequest(null, null);
    BouncyTls.TlsExtensionsUtilities.AddStatusRequestExtension(clientExtensions, new BouncyTls.CertificateStatusRequest(type, request));
    return clientExtensions;
}
After that, the server will send the stapling response if supported.
However, the response is only available during the handshake; if you look at Bouncy Castle's source code, it is cleared in CompleteHandshake in your TlsClientProtocol instance. Therefore you have to intercept here too:
protected override void CompleteHandshake() // Override in your TlsClientProtocol class
{
    // After the handshake completed, we do not have any access to the handshake data anymore
    // (see TlsClientProtocol.CleanupHandshake). Therefore we must intercept here to gather information.
    // YourValidationOfTheOcspResponse is a placeholder for your own check of the stapled response.
    YourValidationOfTheOcspResponse(mCertificateStatus);
    // mCertificateStatus holds the response. It is cleared after the following call:
    base.CompleteHandshake();
}
I spent hours until I understood what Bouncy Castle is doing here and how the stapling response can be extracted, although the code to do so is very simple. A good starting point is always to find the corresponding RFC and compare fields with BC, since Bouncy Castle uses the exact same identifiers in most cases.
Just another side note: to comply with the TLS standard, use RaiseAlertFatal to write the correct error records (see RFC8446) if a status entry says that a certificate is revoked, etc.
Upvotes: 1
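One way to fill in the YourValidationOfTheOcspResponse placeholder from the answer above, as an added example that is not the answer author's code. It assumes the same legacy Org.BouncyCastle.Crypto.Tls API (BC 1.8.x) the answer uses, that the caller supplies the server's leaf and issuer certificates (for example captured in your TlsAuthentication.NotifyServerCertificate), and the class and method names StapledOcspCheck/Validate are hypothetical.

```csharp
using System;
using System.Collections;
using Org.BouncyCastle.Asn1.Ocsp;
using Org.BouncyCastle.Asn1.X509;
using Org.BouncyCastle.Crypto.Tls;
using Org.BouncyCastle.Ocsp;
using Org.BouncyCastle.X509;

public static class StapledOcspCheck // hypothetical name, added example
{
    // Validates the stapled status for serverCert (issued by issuerCert); throws TlsFatalAlert
    // so the TLS layer emits the matching alert record instead of silently continuing.
    public static void Validate(CertificateStatus status, X509Certificate serverCert, X509Certificate issuerCert)
    {
        if (status == null || status.StatusType != CertificateStatusType.ocsp)
            return; // nothing stapled: fall back to your normal revocation policy
        var resp = new OcspResp((OcspResponse)status.Response);
        if (resp.Status != OcspRespStatus.Successful) throw new TlsFatalAlert(AlertDescription.bad_certificate_status_response);
        var basic = (BasicOcspResp)resp.GetResponseObject();
        // Responder signature: the CA itself, or a delegated responder cert the CA issued with the OCSPSigning EKU
        bool signed = basic.Verify(issuerCert.GetPublicKey());
        foreach (X509Certificate c in basic.GetCerts() ?? new X509Certificate[0])
        {
            if (signed) break;
            IList eku = c.GetExtendedKeyUsage();
            if (eku == null || !eku.Contains(KeyPurposeID.IdKPOcspSigning.Id)) continue;
            try { c.Verify(issuerCert.GetPublicKey()); } catch (Exception) { continue; } // must be issued by the CA
            signed = basic.Verify(c.GetPublicKey());
        }
        if (!signed) throw new TlsFatalAlert(AlertDescription.bad_certificate_status_response);
        DateTime now = DateTime.UtcNow;
        foreach (SingleResp single in basic.Responses)
        {
            CertificateID id = single.GetCertID();
            if (!id.SerialNumber.Equals(serverCert.SerialNumber) || !id.MatchesIssuer(issuerCert))
                continue; // entry for some other certificate
            // Freshness: thisUpdate not in the future (5 min skew), nextUpdate (if present) not yet passed
            if (single.ThisUpdate > now.AddMinutes(5) || (single.NextUpdate != null && single.NextUpdate.Value < now))
                throw new TlsFatalAlert(AlertDescription.bad_certificate_status_response);
            object certStatus = single.GetCertStatus();
            if (certStatus == null) return; // null means "good" in the BC API
            if (certStatus is RevokedStatus) throw new TlsFatalAlert(AlertDescription.certificate_revoked);
            throw new TlsFatalAlert(AlertDescription.bad_certificate_status_response); // UnknownStatus
        }
        throw new TlsFatalAlert(AlertDescription.bad_certificate_status_response); // no entry for our cert
    }
}
```

Call StapledOcspCheck.Validate(mCertificateStatus, serverCert, issuerCert) from the CompleteHandshake override shown in the answer, before base.CompleteHandshake() clears the field.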