OCSP stapling support

[p-mongo]

We are looking into implementing OCSP stapling support in our application using Ruby and are wondering how to do so/whether this is possible.

I found this SO post giving the steps using openssl: https://stackoverflow.com/questions/9607516/openssl-certificate-revocation-check-in-client-program-using-ocsp-stapling

It mentions using SSL_set_tlsext_status_type and SSL_CTX_set_tlsext_status_cb method, which appear to not be referenced by ruby-openssl code.

Is it possible to implement OCSP stapling using ruby-openssl today? If so, can someone point me to documentation on how to achieve this?

[ioquatix]

Sorry, I don't have an answer for you, but we'd be happy to receive a PR with documentation and/or expanding the surface area of the Ruby interface to support this use case.

[thekuwayama]

I think that ruby-openssl does not support API to do the OCSP Stapling yet.

[p-mongo]

I am working on implementing OCSP stapling.