I want to send SCT (Signed Certificate Timestamp) data on the server side as a TLS extension, but I did not find any functions that support this operation in the OpenSSL manpage (https://www.openssl.org/docs/man1.1.1/man3/). Thanks for your help if there are any suggestions.
2 Answers
0
There is no direct support for sending this. However, you can use the SSL_CTX_use_serverinfo_ex or SSL_CTX_use_serverinfo functions to send arbitrary extensions data which should be sufficient for your purpose.
See:
https://www.openssl.org/docs/man3.0/man3/SSL_CTX_use_serverinfo_ex.html

Matt Caswell
Thanks for your help! I will look into this manpage – wildoranges Mar 30 '22 at 06:57
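
An added example, not part of the answer above and not OpenSSL's own code: a C helper that lays out the SERVERINFOV2 buffer accepted by SSL_CTX_use_serverinfo_ex(ctx, SSL_SERVERINFOV2, buf, len), carrying a SignedCertificateTimestampList under TLS extension type 18 (RFC 6962). The name build_sct_serverinfo, the context value 0x1180 and the SCT bytes are constructed for illustration; real SCTs come from CT logs and the context is built from the SSL_EXT_* flags in <openssl/ssl.h>.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define EXT_TYPE_SCT 18u /* signed_certificate_timestamp (RFC 6962) */

static void put_u16(uint8_t *p, size_t v)
{
    p[0] = (uint8_t)(v >> 8);
    p[1] = (uint8_t)v;
}

/* One SERVERINFOV2 record: context(4) | ext type(2) | ext len(2) | data.
 * Data is an SCT list: 2-byte list length, then each serialized SCT behind
 * its own 2-byte length. Returns bytes written, or 0 on error. */
size_t build_sct_serverinfo(uint32_t context, const uint8_t *const scts[],
                            const size_t lens[], size_t n, uint8_t *out, size_t cap)
{
    size_t list_len = 0, off = 10, i;
    if (n == 0) return 0;                       /* list must not be empty */
    for (i = 0; i < n; i++) {
        if (lens[i] == 0 || lens[i] > 0xFFFF) return 0;
        list_len += 2 + lens[i];
        if (list_len > 0xFFFF - 2) return 0;    /* ext len must fit 16 bits */
    }
    if (cap < off + list_len) return 0;         /* caller's buffer too small */

    put_u16(out, context >> 16);                /* context, big-endian */
    put_u16(out + 2, context & 0xFFFF);
    put_u16(out + 4, EXT_TYPE_SCT);
    put_u16(out + 6, list_len + 2);             /* extension_data length */
    put_u16(out + 8, list_len);                 /* sct_list length */
    for (i = 0; i < n; i++) {
        put_u16(out + off, lens[i]);
        memcpy(out + off + 2, scts[i], lens[i]);
        off += 2 + lens[i];
    }
    return off; /* hand out/off to SSL_CTX_use_serverinfo_ex(..., SSL_SERVERINFOV2, ...) */
}

int main(void)
{
    const uint8_t sct[] = { 0xAA, 0xBB, 0xCC }; /* constructed, not a real SCT */
    const uint8_t *const scts[] = { sct };
    const size_t lens[] = { sizeof(sct) };
    uint8_t buf[64];
    size_t n = build_sct_serverinfo(0x1180u, scts, lens, 1, buf, sizeof(buf));
    for (size_t i = 0; i < n; i++) printf("%02x", buf[i]);
    return n ? 0 : 1;
}
```

The same bytes, base64-encoded between "-----BEGIN SERVERINFOV2 FOR ...-----" PEM markers, form the file that SSL_CTX_use_serverinfo_file loads.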
0
Why do you need the SCT extension? There is no reason to use SCT! Chrome works fine without SCT!
OpenSSL does not support the SCT extension, but it supports adding data by custom OID. So the OID of the SCT extension is 1.3.6.1.4.1.11129.2.4.2.
Example:
In the config file add
1.3.6.1.4.1.11129.2.4.2 = ASN1:UTF8String:My random DATA
Voilà!

Alexandr