OCSP verification in a non-blocking environment

Detlef Vollmann
I have a non-blocking DTLS server and use SSL_VERIFY_PEER.
Now I'd like to use the verify_callback that I set with
SSL_CTX_set_verify() to check via OCSP for revocation.
This works fine in a simple blocking test program, where
I can just wait for the OCSP reply and then return 0 or 1
from my verify_callback function depending on this reply.

But in a non-blocking program I can't wait for the OCSP reply,
but I also can't return -1 from my verify_callback function
to tell the handshake code to call the callback again.

Am I right that I can only do a non-blocking OCSP check after
the handshake has finished?
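
The post-handshake approach the question describes can be modelled as a per-connection gate that withholds application data until the revocation answer arrives and fails closed on a timeout. This is an added example, not part of the original post and not OpenSSL code: every name in it is hypothetical, and the handshake, the OCSP request and the response validation are assumed to happen elsewhere in the event loop, which feeds their outcomes in as events.

```c
#include <stdbool.h>
#include <stdint.h>

/* Hypothetical per-connection gate; none of these are OpenSSL types. */
enum gate_state { GATE_HANDSHAKING, GATE_PENDING_OCSP, GATE_ESTABLISHED, GATE_REJECTED };
enum ocsp_status { OCSP_GOOD, OCSP_REVOKED, OCSP_UNKNOWN };

struct conn_gate {
    enum gate_state state;
    uint64_t deadline_ms;   /* absolute time by which the OCSP answer must arrive */
};

void gate_init(struct conn_gate *g) { g->state = GATE_HANDSHAKING; g->deadline_ms = 0; }

/* Handshake finished and chain verification passed: the event loop has sent
 * the OCSP request without waiting for it, and the deadline is armed here. */
void gate_handshake_done(struct conn_gate *g, uint64_t now_ms, uint64_t timeout_ms)
{
    if (g->state == GATE_HANDSHAKING) {
        g->state = GATE_PENDING_OCSP;
        g->deadline_ms = now_ms + timeout_ms;
    }
}

/* OCSP response already parsed and validated; only "good" opens the gate. */
void gate_ocsp_result(struct conn_gate *g, enum ocsp_status s)
{
    if (g->state != GATE_PENDING_OCSP)
        return;             /* early, late or duplicate answers change nothing */
    g->state = (s == OCSP_GOOD) ? GATE_ESTABLISHED : GATE_REJECTED;
}

/* Called from the event loop's timer: no answer in time fails closed. */
void gate_tick(struct conn_gate *g, uint64_t now_ms)
{
    if (g->state == GATE_PENDING_OCSP && now_ms >= g->deadline_ms)
        g->state = GATE_REJECTED;
}

/* Decrypted records may reach the application only once established. */
bool gate_may_deliver(const struct conn_gate *g) { return g->state == GATE_ESTABLISHED; }

/* True when the event loop should close the connection and drop buffered data. */
bool gate_must_close(const struct conn_gate *g) { return g->state == GATE_REJECTED; }
```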