[TLS 1.3] OCSP Stapling

[reneme]

Pull Request Dependencies

• [TLS 1.3] Refactor: Prepare for TLS 1.3 Server #3062
• [TLS 1.3] Basic Server Implementation #3053
• [TLS 1.3] Server-Side Client Authentication #3081

Description

This introduces active support for OCSP stapling for certificate-based authentication of both TLS 1.3 servers and clients.

I refactored the existing Certificate_Status_Request extension that was already used in TLS 1.2 but changed its semantics in TLS 1.3. Relevant RFC sections are referenced in the code. TL;DR: In TLS 1.3 Certificate_Status_Request is used as an extension to individual CertificateEntry structures in the Certificate handshake message. Though, the extension's body is equal to the Certificate_Status handshake message used in TLS 1.2 🤯

New Callback: TLS::Callbacks::tls_provide_cert_chain_status()

... that allows applications to provide stapled OCSP responses for all (or some) certificates added to the Certificate handshake message. To the best of my understanding, previous versions of TLS allowed stapled OCSP responses for the leaf certificate, only.

By default, this callback invokes the old tls_provide_cert_status() callback: mimicking the behavior of TLS 1.2 and stapling an OCSP response for the leaf certificate, only.

BoGo

Note that this enables several BoGo tests that are not necessarily related to OCSP stapling. In fact, the relevant tests for OCSP stapling cannot be enabled yet: They all depend on session resumption that is future work. However, the initial handshakes (with OCSP stapling) were successful, the tests fail due to the inability to resume the session later on.

[codecov-commenter]

Codecov Report

Base: 88.00% // Head: 87.95% // Decreases project coverage by -0.04% ⚠️

Coverage data is based on head (26c074c) compared to base (7793d70).
Patch coverage: 85.16% of modified lines in pull request are covered.

❗ Current head 26c074c differs from pull request most recent head 3ad1a6b. Consider uploading reports for the commit 3ad1a6b to get more accurate results

Additional details and impacted files

@@            Coverage Diff             @@
##           master    #3112      +/-   ##
==========================================
- Coverage   88.00%   87.95%   -0.05%     
==========================================
  Files         600      600              
  Lines       67055    66871     -184     
  Branches     6696     6687       -9     
==========================================
- Hits        59011    58819     -192     
- Misses       5219     5227       +8     
  Partials     2825     2825              

Impacted Files	Coverage Δ
src/bogo_shim/bogo_shim.cpp	72.99% <0.00%> (-0.06%)	⬇️
src/lib/tls/tls_client.cpp	83.92% <ø> (ø)
src/lib/tls/tls_session.cpp	85.71% <0.00%> (ø)
src/cli/tls_client.cpp	60.24% <42.85%> (ø)
src/lib/tls/tls_extensions.cpp	82.01% <50.00%> (ø)
src/lib/tls/msg_cert_verify.cpp	90.36% <60.00%> (ø)
src/lib/tls/msg_client_hello.cpp	81.21% <65.00%> (+2.68%)	⬆️
src/lib/tls/tls13/msg_encrypted_extensions.cpp	76.92% <66.66%> (ø)
src/lib/tls/tls13/msg_certificate_req_13.cpp	73.17% <73.68%> (ø)
src/lib/tls/tls_extensions_cert_status_req.cpp	79.24% <78.84%> (-4.09%)	⬇️
... and 75 more

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

☔ View full report at Codecov.
📢 Do you have feedback about the report comment? Let us know in this issue.

[randombit]

I just reviewed the final commits

[randombit]

Outstanding issue here? I don't understand what this TODO refers to

[reneme]

I was wondering about the hard-coded serialization and wanted to find out what is going on here. For reference, this is now:

         // Serialization is hard-coded as we don't support advanced features
         // of this extension anyway.
         return
            {
            1,    // status_type = ocsp
            0, 0, // empty responder_id_list
            0, 0, // no extensions
            };