OCSP stapling on client (C++)

Khuzema Pithewan

unread,

Jan 7, 2019, 10:29:19 PM1/7/19

to grpc.io

Hi,

I am using boringSSL and it does have API to enable OCSP stapling on client side, but gRPC client (C++) API don't really expose any method to set that. Any plans to support that?

Thanks

Khuzema

jian...@google.com

unread,

Jan 28, 2019, 12:22:17 PM1/28/19

to grpc.io

We don't have any concrete plan to support OCSP in grpc core.

One plan we have is to support handshaker model, where there is a handshaker server that does all the SSL work (key management, revocation, rotation, handshake, session resumption and caching, and so on). gRPC just needs to implement a thin handshaker client that talks to the handshaker server. In that scenario, OCSP support goes into handshaker server, rather than gRPC code.

Khuzema Pithewan

unread,

Jan 28, 2019, 2:05:18 PM1/28/19

to grpc.io

Ok. Thanks.

Do we have any tracker where I can look up whats being planned for future releases?