jami-daemon: add OCSP verification, store & trust
-
☑ revoke jams device -
☑ openssl OCSP server setuphttps://github.com/binarytrails/notes/blob/master/software/ssl.md#setup-server
-
☑ proof-of-concept with opendht http libraryhttps://github.com/binarytrails/various/blob/master/cpp/gnutls/ocsp.cpp
-
☑ generating / sending OCSP request -
☑ receiving / processing OCSP request
-
-
Jami-daemon integration: https://review.jami.net/c/ring-daemon/+/12792
-
☑ Verify certificate with OCSP if present with a TLS session wrapper -
☑ Test/Debug/Validate JAMS for OCSP feature -
☑ Save OCSP responses into Certificate Storeocsp/ └── <Certificate UID> └── <OCSP Response Serial Number> -
☑ Load OCSP responses into Certificate Store -
☑ OpenDHT: Use OCSP requests store/trust implementation in Crypto -
☑ IM: Validate peers with OCSP responses prior to communication -
Implement OCSP periodic request sending/caching (IM are not automatic)
(ensures no revoked user can send messages even if the tls wrapper is not called as in sip calls)
-