Subject: Adding support for generating OCSP responses
Currently Net::SSLeay cannot be used to create an OCSP responder (at least as far as I can tell). I would like to enhance it to be able to do that. When finished, my plan is to submit a patch for potential inclusion. I have a horrible hack working now, which, though functional, would not (should not?) meet the bar for inclusion. Before I clean it up, though, I wanted to get some opinions from the maintainers.

Essentially I want to replicate the functionality of make_ocsp_request in apps/ocsp.c. The first directional question is: do I drop that call (and all of its dependencies) as a helper function into SSLeay.xs, or do I implement the 15 or so calls that it uses that are not already in Net::SSLeay and write make_ocsp_request in Perl? The former is a bit junky on the inside and provides less flexibility, but makes the smallest change to the interface. The latter will add a bunch of calls that will then need to be documented and maintained, but provides tons of flexibility and expands the capabilities of Net::SSLeay beyond just OCSP responses (possibly). What is the preferred direction?

By the way, is there a best practice for XS calls that need to allocate memory? I may need an OPENSSL_malloc, but I see that nowhere else in SSLeay.xs is a malloc made, which leads me to think that may be something to avoid.