
gocsp-responder's Introduction

gocsp-server

This is a Go implementation of a basic OCSP responder.
The two other options are:

  1. openssl ocsp - does not support GET requests (Safari) and dies on a request it does not understand
  2. openca-ocspd - has memory corruption bugs.

It's a pretty simple protocol wrapped in HTTP.

Refer to RFC 6960: https://tools.ietf.org/html/rfc6960

Building

This was confirmed to build with Go 1.10.2, though it was originally built with 1.7rc6. Your mileage may vary with other versions.

  1. Clone the repo
  2. cd into repo
  3. export GOPATH=$PWD (or just clone it into your GOPATH)
  4. go install gocsp-responder/main

Features

  • Supports HTTP GET and POST requests
  • Meant to work seamlessly with easy-rsa
  • Nonce extension supported (will implement more if needed)
  • SSL support (not recommended)
  • It works and doesn't have memory corruption bugs *cough* openca-ocspd *cough*

Limitations

  • Only works with RSA keys (I think)
  • Only PKCS1 (for keys) and PEM (for certs) are supported. These are the easy-rsa defaults.

Tests

This has been tested and works with the openssl ocsp command, Chrome 55.0.2883.95, Firefox 50.1.0, and Safari 10.0.2. It should still work for newer versions of these browsers. I didn't test IE/Edge. If it doesn't work for those, submit an issue.

Options

Option    Default Value                     Description
-bind     ""                                Bind address that the server will listen on (empty string is the same as 0.0.0.0 or all interfaces)
-cacert   "ca.crt"                          CA certificate filename
-index    "index.txt"                       CA index filename (openssl 6 column index.txt file)
-logfile  "/var/log/gocsp-responder.log"    File to log to
-port     8888                              Port that the server will listen on
-rcert    "responder.crt"                   Responder certificate filename
-rkey     "responder.key"                   Responder key filename
-ssl      false                             Use SSL to serve. This is not widely supported and not recommended
-stdout   false                             Log to stdout and not the specified log file
-strict   false                             Ensure Content-Type is application/ocsp-request in requests. Drop request if not. Some browsers (Safari) don't supply this
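
To show what the -index file contributes to a response, here is an added example (not code from gocsp-responder) that looks up a serial in the six tab-separated columns of an OpenSSL index.txt and maps it to good, revoked or unknown. The Lookup function, the sample records, failing on a malformed line and answering unknown for expired ('E') entries are all assumptions of this example.

```go
package main

import (
	"fmt"
	"math/big"
	"strings"
	"time"
)

// Constructed sample. Columns: flag, expiry, revocation[,reason], serial, file, subject.
const sampleIndex = "V\t300101000000Z\t\t1000\tunknown\t/CN=good.example\n" +
	"R\t300101000000Z\t240315120000Z,keyCompromise\t1001\tunknown\t/CN=bad.example\n"

// Lookup returns "good", "revoked" (with time and reason) or "unknown" for serial.
func Lookup(index string, serial *big.Int) (status string, at time.Time, reason string, err error) {
	for n, line := range strings.Split(index, "\n") {
		if line == "" {
			continue
		}
		f := strings.Split(line, "\t")
		if len(f) != 6 {
			return "", at, "", fmt.Errorf("line %d: want 6 tab-separated columns", n+1)
		}
		s, ok := new(big.Int).SetString(f[3], 16) // serial column is hex
		if !ok {
			return "", at, "", fmt.Errorf("line %d: bad serial %q", n+1, f[3])
		}
		if s.Cmp(serial) != 0 {
			continue
		}
		if f[0] == "V" {
			return "good", at, "", nil
		}
		if f[0] != "R" {
			break // 'E' (expired) or an unrecognised flag: answer "unknown"
		}
		p := strings.SplitN(f[2]+",", ",", 3) // p[0] = time, p[1] = reason name or ""
		if at, err = time.Parse("060102150405Z0700", p[0]); err != nil { // YYMMDDHHMMSSZ
			return "", time.Time{}, "", fmt.Errorf("line %d: bad revocation time %q", n+1, p[0])
		}
		return "revoked", at, p[1], nil
	}
	return "unknown", at, "", nil
}

func main() {
	fmt.Println(Lookup(sampleIndex, big.NewInt(0x1001)))
}
```

A malformed record ahead of the requested serial makes the lookup fail instead of falling through to a status, so a damaged index is noticed and never answered as good.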

Notes

The ocsp class is copied almost exactly from the golang.org/x/crypto/ocsp package. It had to be modified to support extensions, so I just copied it in. I may submit a change request for their ocsp class at some point, but for now it is modified for this package and included.

gocsp-responder's People

Contributors

wumb0
