I am required, as a client using Go, to do OCSP revocation checking of the server certificate before completing a TLS handshake, i.e. [initiate handshake -> get server cert -> check revocation status -> if revoked abort], and not [initiate handshake -> complete handshake -> check revocation status].
Using Go's standard TLS library this does not seem possible, as tls.Dial does not seem to do any OCSP checking. Another possible workaround would be to fetch the server certificate without performing a handshake, then check revocation status, and if status is OK, redo the handshake using tls.Dial, but I couldn't find a way to do it in Go.
Any suggestions on how to solve this particular problem?
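The flow the question asks for, sketched with the `VerifyConnection` callback of `crypto/tls` (Go 1.15 and later), which runs inside the handshake and aborts it when it returns an error. This is an added example, not part of the original question. `RevocationChecker`, `clientConfig`, `handshakeErr`, the host name `example.test` and the self-signed loopback server are assumptions constructed for the demonstration, and the OCSP validation itself is left to the checker.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"math/big"
	"time"
)

// RevocationChecker is a hypothetical hook (chain[0] is the leaf); a real one would check OCSP, e.g. with golang.org/x/crypto/ocsp.
type RevocationChecker func(chain []*x509.Certificate, stapled []byte) error

// clientConfig runs check after chain verification, inside the handshake; a non-nil error aborts it.
func clientConfig(roots *x509.CertPool, name string, check RevocationChecker) *tls.Config {
	return &tls.Config{RootCAs: roots, ServerName: name,
		VerifyConnection: func(cs tls.ConnectionState) error { return check(cs.VerifiedChains[0], cs.OCSPResponse) }}
}

// handshakeErr dials a constructed self-signed loopback server and returns the client's handshake error.
func handshakeErr(check RevocationChecker) error {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	t := &x509.Certificate{SerialNumber: big.NewInt(7), DNSNames: []string{"example.test"},
		IsCA: true, BasicConstraintsValid: true, NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	der, _ := x509.CreateCertificate(rand.Reader, t, t, pub, key)
	leaf, _ := x509.ParseCertificate(der)
	roots := x509.NewCertPool()
	roots.AddCert(leaf)
	ln, err := tls.Listen("tcp", "127.0.0.1:0", &tls.Config{Certificates: []tls.Certificate{{Certificate: [][]byte{der}, PrivateKey: key}}})
	if err != nil {
		return err
	}
	defer ln.Close()
	go func() {
		if s, err := ln.Accept(); err == nil {
			s.(*tls.Conn).Handshake() // server side of the handshake; its error is not needed here
			s.Close()
		}
	}()
	conn, err := tls.Dial("tcp", ln.Addr().String(), clientConfig(roots, "example.test", check))
	if err == nil {
		conn.Close()
	}
	return err
}

func main() { fmt.Println(handshakeErr(func([]*x509.Certificate, []byte) error { return fmt.Errorf("revoked") })) }
```

The constructed server staples no OCSP response, so `stapled` arrives empty; a checker in that position has to query the responder named in the leaf's `OCSPServer` field or fail closed.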