See https://www.openssl.org/docs/man1.0.2/ssl/SSL_CTX_set_tlsext_status_cb.html
In a nutshell:
-
On the client side, prior to starting a SSL/TLS handshake, call SSL_CTX_set_tlsext_status_cb() to enable a status callback function, and SSL_set_tlsext_status_type(TLSEXT_STATUSTYPE_ocsp) to request OCSP from the server. The callback function can then use SSL_get_tlsext_status_ocsp_resp() and d2i_OCSP_RESPONSE() to access the server's OCSP response data.
-
On the server side, call SSL_CTX_set_tlsext_status_cb() to enable a status callback function. The callback function can then use SSL_get_certificate() to access the certificate that is being sent to the client, obtain the desired OCSP response to be sent back as needed, and finally use SSL_set_tlsext_status_ocsp_resp() to include that response data with the certificate.
See https://www.openssl.org/docs/man1.0.2/ssl/SSL_CTX_set_tlsext_status_cb.html
In a nutshell:
On the client side, prior to starting a SSL/TLS handshake, call
SSL_CTX_set_tlsext_status_cb()to enable a status callback function, andSSL_set_tlsext_status_type(TLSEXT_STATUSTYPE_ocsp)to request OCSP from the server. The callback function can then useSSL_get_tlsext_status_ocsp_resp()andd2i_OCSP_RESPONSE()to access the server's OCSP response data.On the server side, call
SSL_CTX_set_tlsext_status_cb()to enable a status callback function. The callback function can then useSSL_get_certificate()to access the certificate that is being sent to the client, obtain the desired OCSP response to be sent back as needed, and finally useSSL_set_tlsext_status_ocsp_resp()to include that response data with the certificate.