Checks if tls request contains successful oscp response, needs sslyze installed. Can be used as a nagios plugin.

ocsp_checker.py

#!/bin/python3

import sys

def check_ocsp(servername, port=443):
  from sslyze.plugins.certificate_info_plugin import CertificateInfoScanCommand, OcspResponseStatusEnum
	from sslyze.synchronous_scanner import SynchronousScanner
	from sslyze.server_connectivity_tester import ServerConnectivityTester

	server_tester = ServerConnectivityTester(hostname=servername, port=port)
	server_info = server_tester.perform()
	synchronous_scanner = SynchronousScanner()
	command = CertificateInfoScanCommand()
	scan_result = synchronous_scanner.run_scan_command(server_info, command)

	print(scan_result.ocsp_response)
	assert(scan_result.ocsp_response_status == OcspResponseStatusEnum.SUCCESSFUL)
	exit(0)

if __name__ == '__main__':
	assert(len(sys.argv) > 1)
	check_ocsp(sys.argv[1])