Configuration to receive OCSP stapling response for client connections and callback implementation to verify the response if the server returns any response

NetSSL_OpenSSL/include/Poco/Net/Context.h

@@ -156,6 +156,10 @@ public:
 			/// Specifies whether the builtin CA certificates from OpenSSL are used.
 			/// Defaults to false.
 
+		bool ocspStaplingVerification;
+			/// Specifies whether Client should verify OCSP Response
+			/// Defaults to false.
+
 		std::string cipherList;
 			/// Specifies the supported ciphers in OpenSSL notation.
 			/// Defaults to "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH".
@@ -395,7 +399,11 @@ public:
 		/// When choosing a cipher, use the server's preferences instead of the client
 		/// preferences. When not called, the SSL server will always follow the clients
 		/// preferences. When called, the SSL/TLS server will choose following its own
-		/// preferences.
+		/// preferences.	
+		
+	bool ocspStaplingResponseVerificationEnabled() const;
+		/// Returns true if automatic OCSP response
+		/// reception and verification is enabled for client connections
 
 private:
 	void init(const Params& params);
@@ -415,6 +423,7 @@ private:
 	VerificationMode _mode;
 	SSL_CTX* _pSSLContext;
 	bool _extendedCertificateVerification;
+	bool _ocspStaplingResponseVerification;
 };
 
 

NetSSL_OpenSSL/include/Poco/Net/SSLManager.h

@@ -278,6 +278,11 @@ protected:
 		/// Throws a InvalidStateException if not application instance
 		/// is available.
 
+	static int verifyOCSPResponse(SSL *s, void *arg);
+		/// The return value of this method defines how errors in
+		/// verification are handled. Return 0 to terminate the handshake,
+		/// or 1 to continue despite the error.
+
 private:
 	SSLManager();
 		/// Creates the SSLManager.