Is OCSP Stapling supported in Go? If so, how?

John Wayne

Dec 19, 2022, 2:31:47 PM
to golang-nuts
I tried to google this for a while now, and all I find regarding this topic is: https://groups.google.com/g/golang-nuts/c/QC5FOysyVxg

This is already many years old, and to me it seems like there is code inside Go which allows performing server-side OCSP stapling. However, I am unable to find out how one would use this. Does this just work transparently in the background, all done by the Go library itself, or does the developer need to take measures when implementing an HTTP server using Go?

I would test this out myself, but testing whether or not a given server provides the OCSP response in the handshake is not exactly trivial, since you would need to have a proper certificate with a working OCSP responder set up, which I don't.

So I would really appreciate it if someone could shed a bit of light on this topic for me.

Thanks!

Sean Liao

Dec 19, 2022, 2:49:08 PM
to golang-nuts
The standard library itself doesn't do it, but it does provide you with hooks to do so.
Set crypto/tls.Config.GetCertificate to an appropriate implementation of OCSP stapling.
Examples of OCSP stapling can be found via the package discovery site: https://pkg.go.dev/search?q=ocsp+staple

- sean
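
Added example, not part of the thread and not taken from any package it links to: one way to use the `GetCertificate` hook named in the reply to attach a staple, plus a check of what a client actually receives that needs no real CA or OCSP responder. `staplingConfig` and `stapleSeenByClient` are hypothetical names, and the key, certificate and staple bytes are constructed test values; the server sends the bytes as given, so a real deployment would supply a DER response fetched from its CA's responder and refresh it before it expires.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"math/big"
	"net"
	"time"
)

// staplingConfig (hypothetical helper) sets the GetCertificate hook: every handshake
// gets a copy of cert carrying the DER OCSP response that current() returns.
func staplingConfig(cert tls.Certificate, current func() []byte) *tls.Config {
	return &tls.Config{GetCertificate: func(*tls.ClientHelloInfo) (*tls.Certificate, error) {
		c := cert // copy, so a refreshed staple never mutates a shared value
		c.OCSPStaple = current()
		return &c, nil
	}}
}

// stapleSeenByClient handshakes over an in-memory pipe and returns the client's view.
func stapleSeenByClient(staple []byte) ([]byte, error) {
	key := ed25519.NewKeyFromSeed(make([]byte, ed25519.SeedSize)) // constructed test key
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), DNSNames: []string{"localhost"},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, key.Public(), key)
	if err != nil {
		return nil, err
	}
	leaf, err := x509.ParseCertificate(der)
	if err != nil {
		return nil, err
	}
	roots := x509.NewCertPool()
	roots.AddCert(leaf) // trust only this self-signed test certificate
	cc, sc := net.Pipe()
	defer cc.Close()
	cc.SetDeadline(time.Now().Add(5 * time.Second))
	cfg := staplingConfig(tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}, func() []byte { return staple })
	cfg.SessionTicketsDisabled = true // test-only: net.Pipe is unbuffered, a ticket write would block
	go tls.Server(sc, cfg).Handshake()
	cli := tls.Client(cc, &tls.Config{RootCAs: roots, ServerName: "localhost"})
	err = cli.Handshake()
	return cli.ConnectionState().OCSPResponse, err
}

func main() { fmt.Println(stapleSeenByClient([]byte("constructed placeholder, not a real OCSP response"))) }
```

Against a deployed server the same client-side field, `ConnectionState().OCSPResponse`, shows whether a staple was sent; an empty value means none was.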