Created Oct 09, 2019 by Vsevolod Ivanov (@vivanov, Developer)

jami-daemon: add OCSP verification, store & trust

  • ☑ revoke JAMS device

    https://review.jami.net/c/ring-daemon/+/12742

  • ☑ openssl OCSP server setup

    https://github.com/binarytrails/notes/blob/master/software/ssl.md#setup-server

  • ☑ proof-of-concept with opendht http library

    https://github.com/binarytrails/various/blob/master/cpp/gnutls/ocsp.cpp

    • ☑ generating / sending OCSP request

    • ☑ receiving / processing OCSP request

  • Jami-daemon integration: https://review.jami.net/c/ring-daemon/+/12792

    • ☑ Verify certificate with OCSP if present with a TLS session wrapper

    • ☑ Test/Debug/Validate JAMS for OCSP feature

    • ☑ Save OCSP responses into Certificate Store

      ocsp/
      └── <Certificate UID>
          └── <OCSP Response Serial Number>

    • ☑ Load OCSP responses into Certificate Store

    • ☑ OpenDHT: Use OCSP requests store/trust implementation in Crypto

    • ☑ IM: Validate peers with OCSP responses prior to communication

      https://github.com/savoirfairelinux/opendht/pull/464

    • Implement OCSP periodic request sending/caching (IM are not automatic)

      (ensures no revoked user can send messages even if the TLS wrapper is not called as in SIP calls)

Edited Nov 15, 2019 by Vsevolod Ivanov
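
A sketch of the `ocsp/<Certificate UID>/<OCSP Response Serial Number>` layout listed above, added here as an example and not taken from jami-daemon or OpenDHT. Both path components come from certificate and response data, so the hypothetical helpers `isHexId`, `ocspPath`, `saveOcsp` and `loadOcsp` accept them only as bounded hex strings (an assumption about how the IDs are encoded) before touching the filesystem.

```cpp
// Added example, not jami-daemon code. Assumption: UID and serial are hex strings.
#include <algorithm>
#include <cctype>
#include <filesystem>
#include <fstream>
#include <iterator>
#include <optional>
#include <string>
#include <vector>

namespace fs = std::filesystem;
using Bytes = std::vector<unsigned char>;

// Hex-only, bounded IDs: "..", "/" and NUL can never reach a path component.
bool isHexId(const std::string& s) {
    auto hex = [](unsigned char c) { return std::isxdigit(c) != 0; };
    return !s.empty() && s.size() <= 128 && std::all_of(s.begin(), s.end(), hex);
}

// Layout from the issue: ocsp/<Certificate UID>/<OCSP Response Serial Number>
std::optional<fs::path> ocspPath(const fs::path& root, const std::string& uid,
                                 const std::string& serial) {
    if (!isHexId(uid) || !isHexId(serial)) return std::nullopt;
    return root / "ocsp" / uid / serial;
}

bool saveOcsp(const fs::path& root, const std::string& uid,
              const std::string& serial, const Bytes& der) {
    auto p = ocspPath(root, uid, serial);
    if (!p) return false;
    std::error_code ec;
    fs::create_directories(p->parent_path(), ec);
    if (ec) return false;
    std::ofstream out(*p, std::ios::binary | std::ios::trunc);
    out.write(reinterpret_cast<const char*>(der.data()), std::streamsize(der.size()));
    return static_cast<bool>(out.flush());
}

std::optional<Bytes> loadOcsp(const fs::path& root, const std::string& uid,
                              const std::string& serial) {
    auto p = ocspPath(root, uid, serial);
    if (!p) return std::nullopt;
    std::ifstream in(*p, std::ios::binary);
    if (!in) return std::nullopt;
    return Bytes(std::istreambuf_iterator<char>(in), {});
}

int main() {  // constructed bytes, not a real OCSP response
    return saveOcsp(fs::temp_directory_path(), "a1b2c3", "01ff", {0x30, 0x03}) ? 0 : 1;
}
```

The loaded bytes are only a cached blob: signature and status checks on the response still have to run before a peer is trusted.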