views:

704

answers:

3

Hi all! Going back to my previous question on OCSP, does anybody know of "reliable" OCSP libraries for Python, Java and C?

I need "client" OCSP functionality, as I'll be checking the status of Certs against an OCSP responder, so responder functionality is not that important.

Thanks

+1  A: 

Have you check pyOpenSSL.. am sure openssl supports ocsp and python binding may support it

+2  A: 

Java 5 has support of revocation checking via OCSP built in. If you want to build an OCSP responder, or have finer control over revocation checking, check out Bouncy Castle. You can use this to implement your own CertPathChecker that, for example, uses non-blocking I/O in its status checks.

erickson
A: 

OpenSSL is the most widely used product for OCSP in C. It's quite reliable, although incredibly obtuse. I'd recommend looking at apps/ocsp.c for a pretty good example of how to make OCSP requests and validate responses.

Vista and Server 2008 have built-in OCSP support in CAPI; check out CertVerifyRevocation.

Seth