Extend httpserv to implement OCSP server functionality

NEW
Unassigned

Status

6 years ago
4 years ago

People

(Reporter: kaie, Unassigned)

Description

6 years ago
We should extend httpserv to act as an OCSP server.

I propose that URLs that start with /ocsp shall be handled by new OCSP server logic.

I propose to add a new command line option to httpserv:
  --ocspsigner nickname

and we should allow specifying that option multiple times, allowing a single process to provide responses for multiple CAs.

I want to start with the basic scenario, where CA == OCSP signer.
(We can figure out a way to support separate dedicated OCSP signer certs at a later time.)

The code shall require that the NSS database contains the private keys for all specified OCSP signers.
(Reporter)

Updated

6 years ago
Blocks: 811327