OCSP and OCSP stapling support


Does Erlang now support OCSP and OCSP stapling? I stumbled upon a blog post about implementing it in Erlang and using it in EMQX ("EMQX Supports OCSP stapling" on YouTube). Also, there is undocumented code in ssl and some tests: https://github.com/erlang/otp/blob/master/lib/ssl/test/openssl_ocsp_SUITE.erl

So, my question is: when will OCSP and OCSP stapling be publicly available and documented? Is it safe to use them in Erlang 26 now?


Summoning @voltone who likely knows the most on this topic. As far as my understanding goes, this code is not functional, and there is no specific deadline when it’s going to be released.


Some work was indeed done by the OTP team on adding an OCSP client and the logic to verify the revocation status of a peer certificate. However, the author of that code left, and the work-in-progress code was merged and released with a disclaimer (public_key-1.9, as part of OTP 23.1).

At the time I reviewed some of the code and noticed that the code that verifies the OCSP response does not correctly verify that the OCSP response signer is a legitimate responder for the peer certificate's issuer. This would mean anyone can spoof an OCSP response for any server certificate and OTP will accept its contents. I have not reviewed recent OTP versions to check if this has been fixed, but I have not seen any mention of OCSP in the public_key release notes since 1.9.

As for OCSP stapling, there appears to be some support in ssl, as the ssl-10.4 release notes mention a bug fix. I believe this probably relates to client-side stapling (verifying the OCSP response) and not server-side stapling. Anyway, any support of OCSP in ssl is going to be dependent on the state of public_key.

I cannot comment on future plans of the OTP team, maybe @ingela can.
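The responder-authorization step that the reply above describes as missing, shown as an added illustration that is neither OTP's code nor part of any post in this thread. It assumes DER-encoded certificates, uses only documented public_key functions, and leaves the response signature, freshness and validity-period checks to the caller.

```erlang
%% Added example, not OTP code: the check an OCSP client must perform before
%% trusting who signed a response (RFC 6960, section 4.2.2.2). Response
%% signature, thisUpdate/nextUpdate and the responder cert's validity are separate.
-module(ocsp_responder_check).
-export([authorized/3]).
-include_lib("public_key/include/public_key.hrl").

%% ResponderDer: DER certificate whose key signed the BasicOCSPResponse.
%% IssuerDer: DER certificate of the CA that issued the peer certificate.
%% TrustedDers: DER certificates of responders configured as trusted out of band.
-spec authorized(binary(), binary(), [binary()]) -> boolean().
authorized(ResponderDer, IssuerDer, TrustedDers) ->
    Responder = public_key:pkix_decode_cert(ResponderDer, otp),
    Issuer = public_key:pkix_decode_cert(IssuerDer, otp),
    %% (a) the issuing CA itself signed the response with its own key
    ResponderDer =:= IssuerDer
        %% (b) an explicitly configured trusted responder
        orelse lists:member(ResponderDer, TrustedDers)
        %% (c) a delegated responder: issued directly by the issuing CA and
        %%     marked with the id-kp-OCSPSigning extended key usage
        orelse delegated(ResponderDer, Responder, Issuer).

delegated(ResponderDer, Responder, Issuer) ->
    public_key:pkix_is_issuer(Responder, Issuer)
        andalso has_ocsp_signing_eku(Responder)
        andalso public_key:pkix_verify(ResponderDer, issuer_public_key(Issuer)).

%% Without the EKU check any end-entity certificate issued by the CA could sign
%% responses for its siblings; without the issuer check any CA could sign
%% responses for certificates it never issued, which is the spoofing risk above.
has_ocsp_signing_eku(#'OTPCertificate'{tbsCertificate = TBS}) ->
    case TBS#'OTPTBSCertificate'.extensions of
        asn1_NOVALUE -> false;
        Exts ->
            case lists:keyfind(?'id-ce-extKeyUsage', #'Extension'.extnID, Exts) of
                #'Extension'{extnValue = Usages} -> lists:member(?'id-kp-OCSPSigning', Usages);
                false -> false
            end
    end.

issuer_public_key(#'OTPCertificate'{tbsCertificate = TBS}) ->
    #'OTPSubjectPublicKeyInfo'{algorithm = Alg, subjectPublicKey = Key} =
        TBS#'OTPTBSCertificate'.subjectPublicKeyInfo,
    case Key of
        %% EC keys need their curve parameters to be usable by pkix_verify/2
        #'ECPoint'{} -> {Key, Alg#'PublicKeyAlgorithm'.parameters};
        _ -> Key
    end.
```

A client would call authorized/3 with the certificate matching the response's responderID, the issuer found during path validation, and any responders it has pinned in its configuration.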

  • OCSP stapling is on the OTP radar but not prioritized
  • work on client side OCSP stapling support is ongoing; it should be released in OTP-27
  • @voltone is right - current OCSP related code should be considered insecure and good only for some experimenting with client side OCSP stapling
  • server side OCSP stapling is considered a future roadmap item candidate