Open
Conversation
Three examples demonstrating the new OCSP Responder API: 1. ocsp-request-response.c - Pure API usage: encode DER OCSP requests from certificates, generate signed responses, and verify them in memory without networking. 2. ocsp-responder-http.c - Minimal HTTP server that accepts POST requests with DER OCSP payloads and returns signed responses. 3. nginx-scgi/ - Production-style deployment using nginx as HTTP frontend with wolfclu running as an SCGI backend for OCSP processing.
There was a problem hiding this comment.
Pull request overview
Adds a new ocsp/responder/ set of examples showcasing the wolfSSL OCSP Responder API, including in-memory request/response generation, a minimal HTTP responder, and an nginx+SCGI deployment pattern using wolfCLU.
Changes:
- Added two C examples: raw DER OCSP request/response and a minimal HTTP POST responder.
- Added shared PEM->DER file loading helpers and a local Makefile to build the examples.
- Added nginx+SCGI deployment example (config + run script) and documented how to run all examples.
Reviewed changes
Copilot reviewed 7 out of 8 changed files in this pull request and generated 5 comments.
Show a summary per file
| File | Description |
|---|---|
| ocsp/responder/README.md | Documents the new responder examples and how to build/run them. |
| ocsp/responder/ocsp-request-response.c | In-memory OCSP request encode + response sign + verification flow example. |
| ocsp/responder/ocsp-responder-http.c | Minimal socket-based HTTP responder that returns signed OCSP responses. |
| ocsp/responder/ocsp-load-certs.h | Shared file/cert/key loading helpers for the C examples. |
| ocsp/responder/nginx-scgi/run.sh | Script to stand up wolfCLU SCGI backend + nginx frontend for OCSP. |
| ocsp/responder/nginx-scgi/nginx-ocsp.conf | Example nginx config to SCGI-pass OCSP requests to wolfCLU. |
| ocsp/responder/Makefile | Builds the responder examples against an installed wolfSSL. |
| .gitignore | Ignores the newly built responder example binaries. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
- Add missing <time.h> include for time(NULL) usage - Replace atoi() with strtol() and validate Content-Length in RecvHttp and ParsePost to reject negative/overflowing values - Add SendAll() helper to handle partial send() writes - Check return values of socket(), setsockopt(), and listen()
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Three examples demonstrating the new OCSP Responder API:
ocsp-request-response.c - Pure API usage: encode DER OCSP requests
from certificates, generate signed responses, and verify them
in memory without networking.
ocsp-responder-http.c - Minimal HTTP server that accepts POST
requests with DER OCSP payloads and returns signed responses.
nginx-scgi/ - Production-style deployment using nginx as HTTP
frontend with wolfclu running as an SCGI backend for OCSP
processing.