gocsp-responder

module

v0.0.0-...-2dd8270 Latest Latest Go to latest Published: Oct 7, 2019 License: MIT

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/grimm-co/gocsp-responder

Links

Open Source Insights

README ¶

gocsp-server

This is a go implementation of a basic OCSP Responder.
The two other options are:

openssl ocsp - does not support GET (safari) and dies on a request it does not understand
openca-ocspd - has memory corruption bugs.

It's a pretty simple protocol wrapped in HTTP.

Refer to RFC 6960: https://tools.ietf.org/html/rfc6960

Building

This was confirmed building with Go 1.10.2, thought it was originally built with 1.7rc6. Your milage may vary with other versions.

Clone the repo
cd into repo
export GOPATH=$PWD (or just clone it into your GOPATH)
go install gocsp-responder/main

Features

Supports HTTP GET and POST requests
Meant to work seamlessly with easy-rsa
Nonce extension supported (will implement more if needed)
SSL support (not recommended)
It works and doesn't have memory corruption bugs *cough* openca-ocspd *cough*

Limitations

Only works with RSA keys (I think)
Only PKCS1 (for keys) and PEM (for certs) supported. These are easy-rsa defaults

Tests

This has been tested and working with the openssl ocsp command, Chrome 55.0.2883.95, Firefox 50.1.0, and Safari 10.0.2. It should still work for newer versions of these browsers. I didn't test IE/Edge. If it doesn't work for those, submit an issue.

Options

Option	Default Value	Description
-bind	""	Bind address that the server will listen on (empty string is the same as 0.0.0.0 or all interfaces)
-cacert	"ca.crt"	CA certificate filename
-index	"index.txt"	CA index filename (openssl 6 column index.txt file)
-logfile	"/var/log/gocsp-responder.log"	File to log to
-port	8888	Port that the server will listen on
-rcert	"responder.crt"	Responder certificate filename
-rkey	"responder.key"	Responder key filename
-ssl	false	Use SSL to serve. This is not widely supported and not recommended
-stdout	false	Log to stdout and not the specified log file
-strict	false	Ensure Content-Type is application/ocsp-request in requests. Drop request if not. Some browsers (safari) don't supply this

Notes

The ocsp class is pretty much exactly copied from the golang.org/x/crypto/ocsp package. It had to be modified to support extensions so I just copied it in. I may submit a change request for their ocsp class at some point but for now it is modified for this package and included.

Directories ¶

Path	Synopsis
src
gocsp-responder/crypto/ocsp Package ocsp parses OCSP responses as specified in RFC 2560.	Package ocsp parses OCSP responses as specified in RFC 2560.
gocsp-responder/main
gocsp-responder/responder Implementation of an OCSP responder defined by RFC 6960	Implementation of an OCSP responder defined by RFC 6960

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL