JY4iNIPqZaTp

OCSP stapling (patch)

Discussion created by JY4iNIPqZaTp on Mar 20, 2015
Latest reply on Jul 26, 2015 by Ivan Ristić

The OCSP stapling test fails with SNI-only servers.

 

Please improve the underlying code as follows:

 

fqdn="example.com";

 

response="$( echo QUIT | openssl s_client -connect ${fqdn}:443 -servername ${fqdn} -tls1 -tlsextdebug -status 2>&1 | grep 'OCSP\ Response\ Status'; )":

 

if [[ "$response" =~ "successful" ]]; then

     echo "OCSP stapling: Yes";   

else

     echo "OCSP stapling: No";

fi

Outcomes