grimm-co / GOCSP-responder

Licence: MIT License
OCSP responder written in Go meant to be used with easy-rsa

Programming Languages

go

Projects that are alternatives of or similar to GOCSP-responder

AutoSpotting
Saves up to 90% of AWS EC2 costs by automating the use of spot instances on existing AutoScaling groups. Installs in minutes using CloudFormation or Terraform. Convenient to deploy at scale using StackSets. Uses tagging to avoid launch configuration changes. Automated spot termination handling. Reliable fallback to on-demand instances.
Stars: ✭ 2,058 (+8475%)
Mutual labels:  golang-application
breakglass
A command line tool to provide login credentials from Hashicorp Vault
Stars: ✭ 33 (+37.5%)
Mutual labels:  golang-application
docker-testssl
http://testssl.sh/ in a tiny docker container
Stars: ✭ 19 (-20.83%)
Mutual labels:  ocsp
smtpdane
SMTP DANE testing tool
Stars: ✭ 15 (-37.5%)
Mutual labels:  ocsp
go-evepraisal
the code that powers evepraisal.com
Stars: ✭ 61 (+154.17%)
Mutual labels:  golang-application
authz0
🔑 Authz0 is an automated authorization test tool. Unauthorized access can be identified based on URLs and Roles & Credentials.
Stars: ✭ 248 (+933.33%)
Mutual labels:  golang-application
urlredir
Educational URL redirector service in Go
Stars: ✭ 26 (+8.33%)
Mutual labels:  golang-application
vault-ocsp
OCSP responder for Hashicorp Vault PKI
Stars: ✭ 42 (+75%)
Mutual labels:  ocsp
pigger
A cross-platform note taking and static blog writing system in golang
Stars: ✭ 16 (-33.33%)
Mutual labels:  golang-application
smtp-dkim-signer
SMTP-proxy that DKIM-signs e-mails before submission to an upstream SMTP-server.
Stars: ✭ 28 (+16.67%)
Mutual labels:  golang-application
zauth
2FA (Two-Factor Authentication) application for CLI terminal with support to import/export andOTP files.
Stars: ✭ 74 (+208.33%)
Mutual labels:  golang-application
rss2email
Convert RSS feeds to emails
Stars: ✭ 72 (+200%)
Mutual labels:  golang-application
gin-rest-api
Example golang using gin framework everything you need, i create this tutorial special for beginner.
Stars: ✭ 56 (+133.33%)
Mutual labels:  golang-application
Morpheus
A Matrix client written in Go-QT
Stars: ✭ 20 (-16.67%)
Mutual labels:  golang-application
toggler
toggler is a feature flag service to decouple deployment, feature enrollment and experiments
Stars: ✭ 27 (+12.5%)
Mutual labels:  golang-application
server
Server/API for Vela (Target's official Pipeline Automation Framework)
Stars: ✭ 74 (+208.33%)
Mutual labels:  golang-application
go-mux-jwt-boilerplate
Golang REST API using MUX, GORM, and JWT for authentication
Stars: ✭ 41 (+70.83%)
Mutual labels:  golang-application
certbot-ocsp-fetcher
A tool that primes the OCSP cache of nginx for certificates managed by Certbot, in order to make OCSP stapling work reliably.
Stars: ✭ 18 (-25%)
Mutual labels:  ocsp
gino-keva
A simple Git Notes Key Value store
Stars: ✭ 23 (-4.17%)
Mutual labels:  golang-application
jump-jump
A ready-to-use, full-featured short link system developed in Golang. URL shortener service developed with golang.
Stars: ✭ 110 (+358.33%)
Mutual labels:  golang-application

gocsp-server

This is a Go implementation of a basic OCSP responder.
The two other options are:

  1. openssl ocsp - does not support GET (Safari) and dies on a request it does not understand
  2. openca-ocspd - has memory corruption bugs.

It's a pretty simple protocol wrapped in HTTP.

Refer to RFC 6960: https://tools.ietf.org/html/rfc6960

Building

This was confirmed building with Go 1.10.2, though it was originally built with 1.7rc6. Your mileage may vary with other versions.

  1. Clone the repo
  2. cd into repo
  3. export GOPATH=$PWD (or just clone it into your GOPATH)
  4. go install gocsp-responder/main

Features

  • Supports HTTP GET and POST requests
  • Meant to work seamlessly with easy-rsa
  • Nonce extension supported (will implement more if needed)
  • SSL support (not recommended)
  • It works and doesn't have memory corruption bugs *cough* openca-ocspd *cough*
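
The GET and POST transports named in the list above, as an added Go example that is not taken from the project's source: it extracts the DER request bytes from a GET path or a POST body as RFC 6960 Appendix A.1 defines them. `RequestDER`, `Build`, the 4096-byte cap, serving at `/`, and applying the strict Content-Type check to POST only are assumptions of this example.

```go
package main

import (
	"encoding/base64"
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
	"net/url"
	"strings"
)

// Constructed bytes standing in for a DER OCSPRequest; their base64 contains '/'.
var sampleDER = []byte{0x30, 0x03, 0xfb, 0xff, 0xbe}

const maxRequest = 4096 // size cap chosen for this example

// RequestDER returns the request bytes from either transport in RFC 6960 A.1:
// GET carries base64(DER), URL-encoded, in the path; POST carries DER in the body.
func RequestDER(r *http.Request, strict bool) (der []byte, err error) {
	switch {
	case r.Method == http.MethodGet:
		// Path is percent-decoded and base64 can contain '/': decode all of it.
		der, err = base64.StdEncoding.DecodeString(strings.TrimPrefix(r.URL.Path, "/"))
	case r.Method != http.MethodPost:
		err = fmt.Errorf("method %s not supported", r.Method)
	case strict && r.Header.Get("Content-Type") != "application/ocsp-request":
		err = fmt.Errorf("strict: Content-Type is not application/ocsp-request")
	default:
		der, err = io.ReadAll(io.LimitReader(r.Body, maxRequest+1))
	}
	if err == nil && (len(der) == 0 || len(der) > maxRequest) {
		err = fmt.Errorf("request is empty or over %d bytes", maxRequest)
	}
	if err != nil {
		return nil, err
	}
	return der, nil
}

// Build makes the request a client would send for der (helper for this example).
func Build(method string, der []byte, contentType string) *http.Request {
	if method == http.MethodGet {
		return httptest.NewRequest(method, "/"+url.PathEscape(base64.StdEncoding.EncodeToString(der)), nil)
	}
	r := httptest.NewRequest(method, "/", strings.NewReader(string(der)))
	r.Header.Set("Content-Type", contentType)
	return r
}

func main() { fmt.Println(RequestDER(Build("GET", sampleDER, ""), true)) }
```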

Limitations

  • Only works with RSA keys (I think)
  • Only PKCS1 (for keys) and PEM (for certs) supported. These are easy-rsa defaults

Tests

This has been tested and works with the openssl ocsp command, Chrome 55.0.2883.95, Firefox 50.1.0, and Safari 10.0.2. It should still work for newer versions of these browsers. I didn't test IE/Edge. If it doesn't work for those, submit an issue.

Options

| Option | Default Value | Description |
|---|---|---|
| -bind | "" | Bind address that the server will listen on (empty string is the same as 0.0.0.0 or all interfaces) |
| -cacert | "ca.crt" | CA certificate filename |
| -index | "index.txt" | CA index filename (openssl 6 column index.txt file) |
| -logfile | "/var/log/gocsp-responder.log" | File to log to |
| -port | 8888 | Port that the server will listen on |
| -rcert | "responder.crt" | Responder certificate filename |
| -rkey | "responder.key" | Responder key filename |
| -ssl | false | Use SSL to serve. This is not widely supported and not recommended |
| -stdout | false | Log to stdout and not the specified log file |
| -strict | false | Ensure Content-Type is application/ocsp-request in requests. Drop request if not. Some browsers (Safari) don't supply this |
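
An added Go example (not the project's code) of reading the 6-column `index.txt` that `-index` points at and answering good, revoked or unknown for a certificate serial number. `Entry`, `ParseIndex`, `CertStatus` and the sample rows are this example's own, and answering "unknown" for any flag other than V or R is its assumption.

```go
package main

import (
	"fmt"
	"math/big"
	"strings"
	"time"
)

// Constructed sample rows: flag, expiry, revocation[,reason], hex serial, file, subject.
const sampleIndex = "V\t300101000000Z\t\t01\tunknown\t/CN=server\n" +
	"R\t300101000000Z\t240315120000Z,keyCompromise\t02\tunknown\t/CN=laptop\n"

type Entry struct {
	Flag      byte // 'V' valid, 'R' revoked, 'E' expired
	RevokedAt time.Time
	Reason    string
}

// ParseIndex returns the rows keyed by serial number in decimal.
func ParseIndex(data string) (map[string]Entry, error) {
	rows := map[string]Entry{}
	for n, line := range strings.FieldsFunc(data, func(r rune) bool { return r == '\n' }) {
		f := strings.Split(line, "\t")
		if len(f) != 6 || len(f[0]) != 1 {
			return nil, fmt.Errorf("row %d: want 6 tab-separated columns", n+1)
		}
		serial, ok := new(big.Int).SetString(f[3], 16)
		ts, reason, _ := strings.Cut(f[2], ",")
		revoked, err := time.Parse("060102150405Z", ts) // YYMMDDHHMMSSZ, UTC
		if !ok || (ts != "" && err != nil) {
			return nil, fmt.Errorf("row %d: bad serial or revocation time", n+1)
		}
		rows[serial.String()] = Entry{Flag: f[0][0], RevokedAt: revoked, Reason: reason}
	}
	return rows, nil
}

// CertStatus: V is "good", R is "revoked"; anything else is "unknown" (this example's choice).
func CertStatus(rows map[string]Entry, serial *big.Int) string {
	switch rows[serial.String()].Flag {
	case 'V':
		return "good"
	case 'R':
		return "revoked"
	}
	return "unknown"
}

func main() { fmt.Println(ParseIndex(sampleIndex)) }
```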

Notes

The ocsp class is pretty much exactly copied from the golang.org/x/crypto/ocsp package. It had to be modified to support extensions so I just copied it in. I may submit a change request for their ocsp class at some point but for now it is modified for this package and included.
