https://bz.apache.org/bugzilla/show_bug.cgi?id=66078

            Bug ID: 66078
           Summary: mod_md should not attach outdated OCSP response
           Product: Apache httpd-2
           Version: 2.4.53
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: mod_md
          Assignee: [email protected]
          Reporter: [email protected]
  Target Milestone: ---

If upstream OCSP responds with expired data (happens when it is unable to
update the signatures in time), then mod_md attaches that outdated data to the
SSL handshake, which leads to error messages in the client. This happens
approximately once per year at some commercial providers, for a few hours.

Better not attach OCSP responses (and actively remove them from cache) when
they have expired.

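Added example, not part of the bug report and not mod_md's code: a minimal C sketch of the freshness gate the report asks for, checking thisUpdate/nextUpdate before a cached OCSP response is stored or stapled, and evicting it once expired. The struct, function names, the 300-second skew tolerance and the 7-day age limit are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <time.h>

/* Hypothetical cache slot for one certificate's OCSP response. */
typedef struct {
    unsigned char der[64];  /* constructed stand-in for the DER response */
    size_t der_len;         /* 0 means the slot is empty */
    time_t this_update;     /* thisUpdate from the response */
    time_t next_update;     /* nextUpdate from the response, 0 if absent */
} staple_entry;

enum staple_state { STAPLE_OK, STAPLE_EMPTY, STAPLE_NOT_YET_VALID, STAPLE_EXPIRED };
#define SKEW_SECS 300            /* tolerated clock skew (assumed value) */
#define MAX_AGE_SECS (7 * 86400) /* age limit without nextUpdate (assumed) */

/* Classify a response against the current time. */
enum staple_state staple_check(const staple_entry *e, time_t now) {
    if (e->der_len == 0) return STAPLE_EMPTY;
    if (e->this_update > now + SKEW_SECS) return STAPLE_NOT_YET_VALID;
    if (e->next_update != 0)
        return e->next_update + SKEW_SECS < now ? STAPLE_EXPIRED : STAPLE_OK;
    return now - e->this_update > MAX_AGE_SECS ? STAPLE_EXPIRED : STAPLE_OK;
}

/* Bytes to staple, or NULL to handshake without one; expired entries are evicted. */
const unsigned char *staple_select(staple_entry *e, time_t now, size_t *len) {
    enum staple_state st = staple_check(e, now);
    *len = 0;
    if (st == STAPLE_EXPIRED) memset(e, 0, sizeof(*e));
    if (st != STAPLE_OK) return NULL;
    *len = e->der_len;
    return e->der;
}

/* Cache a fetched response only if it is valid now, so an expired answer
 * from the responder never replaces a still-good entry. */
int staple_store(staple_entry *slot, const staple_entry *fetched, time_t now) {
    if (staple_check(fetched, now) != STAPLE_OK) return 0;
    *slot = *fetched;
    return 1;
}

int main(void) {
    time_t now = time(NULL);
    staple_entry slot = {{0}, 0, 0, 0}, stale = {{0x30}, 1, now - 90000, now - 3600};
    size_t len;
    printf("stored=%d stapled=%s\n", staple_store(&slot, &stale, now),
           staple_select(&slot, now, &len) ? "yes" : "no");
    return 0;
}
```

In code built on OpenSSL, the time comparison in staple_check would normally be delegated to OCSP_check_validity() on the parsed response rather than done by hand.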