[Bug 66078] New: mod_md should not attach outdated OCSP response
https://bz.apache.org/bugzilla/show_bug.cgi?id=66078

Bug ID: 66078
Summary: mod_md should not attach outdated OCSP response
Product: Apache httpd-2
Version: 2.4.53
Hardware: PC
OS: Linux
Status: NEW
Severity: normal
Priority: P2
Component: mod_md
Assignee: bugs@httpd.apache.org
Reporter: odi@odi.ch
Target Milestone: ---

If upstream OCSP responds with expired data (happens when it is unable to
update the signatures in time), then mod_md attaches that outdated data to the
SSL handshake, which leads to error messages in the client. This happens
approximately once per year in some commercial providers during a few hours.

Better not attach OCSP responses (and actively remove them from cache) when
they have expired.

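The behaviour requested in the report, sketched as an added example; this is not mod_md's code and not part of the bug report. The `ocsp_entry` struct, `staple_select` function, the skew tolerance and the handling of a missing nextUpdate are assumptions made for illustration, and the response bytes are constructed placeholders.

```c
#include <stddef.h>
#include <stdio.h>
#include <time.h>

/* Hypothetical cache slot. The times stand for the thisUpdate/nextUpdate
 * fields of the cached OCSP response, already parsed to time_t. */
typedef struct {
    const unsigned char *der;  /* encoded response, NULL if the slot is empty */
    size_t der_len;
    time_t this_update;
    time_t next_update;        /* 0 = responder sent no nextUpdate */
} ocsp_entry;

typedef enum { STAPLE_OK, STAPLE_NONE, STAPLE_EVICTED } staple_result;

/* Decide at handshake time whether the cached response may be stapled.
 * `skew` is a clock tolerance in seconds. An outdated entry is cleared so
 * it is never attached again and a later refetch can fill the slot. */
staple_result staple_select(ocsp_entry *e, time_t now, time_t skew,
                            const unsigned char **out, size_t *out_len)
{
    *out = NULL;
    *out_len = 0;
    if (e->der == NULL)
        return STAPLE_NONE;
    /* Not valid yet: attach nothing, but keep it for later. */
    if (e->this_update > now + skew)
        return STAPLE_NONE;
    /* Past nextUpdate: outdated. A missing nextUpdate is treated the same
     * way here, which is this example's policy choice (an assumption). */
    if (e->next_update == 0 || e->next_update + skew < now) {
        e->der = NULL;
        e->der_len = 0;
        return STAPLE_EVICTED;
    }
    *out = e->der;
    *out_len = e->der_len;
    return STAPLE_OK;
}

int main(void)
{
    static const unsigned char resp[] = { 0x30, 0x03, 0x0a, 0x01, 0x00 }; /* constructed */
    ocsp_entry e = { resp, sizeof resp, 1000, 2000 };
    const unsigned char *out;
    size_t n;
    printf("inside window: %d\n", staple_select(&e, 1500, 60, &out, &n));
    printf("after expiry:  %d\n", staple_select(&e, 2100, 60, &out, &n));
    printf("next lookup:   %d\n", staple_select(&e, 2100, 60, &out, &n));
    return 0;
}
```

With no response attached, the handshake proceeds without a staple and the client falls back to its own revocation policy, instead of receiving data it will reject as expired.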