OCSP in 2.4 with OpenSSL 0.9.8(zh)

[Rainer Jung]

I get test suite failures for t/ssl/ocsp.t when the server is build 
against OpenSSL 0.9.8zh. I can't judge on whether that is expected for 
OpenSSL 0.9.8.

Example error log:
...
18 14:15:11.833126 [ssl:debug] ssl_util_ocsp.c(406): Configuring Trusted 
OCSP certificates
...
18 14:15:12.238943 [ssl:info] AH01876: mod_ssl/2.4.36 compiled against 
Server: Apache/2.4.36, Library: OpenSSL/0.9.8zh
...
18 14:15:14.015398 [ssl:info] AH01964: Connection to child 0 established 
(server localhost:8535)
18 14:15:14.015949 [ssl:debug] ssl_engine_kernel.c(2328): AH02043: SSL 
virtual host for servername localhost found
18 14:15:14.143610 [ssl:info] AH02008: SSL library error 1 in handshake 
(server localhost:8535)
18 14:15:14.143662 [ssl:info] SSL Library Error: error:140890C7:SSL 
routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate 
-- No CAs known to server for verification?
18 14:15:14.143670 [ssl:info] AH01998: Connection closed to child 0 with 
abortive shutdown (server localhost:8535)

18 14:15:14.166594 [ssl:info] AH01964: Connection to child 1 established 
(server localhost:8535)
18 14:15:14.166901 [ssl:debug] ssl_engine_kernel.c(2328): AH02043: SSL 
virtual host for servername localhost found
18 14:15:14.208760 [ssl:debug] ssl_engine_kernel.c(1749): AH02275: 
Certificate Verification, depth 1, CRL checking mode: none (0) [subject: 
emailAddress=test-...@httpd.apache.org,CN=ca,OU=httpd-test,O=ASF,L=San 
Francisco,ST=California,C=US / issuer: 
emailAddress=test-...@httpd.apache.org,CN=ca,OU=httpd-test,O=ASF,L=San 
Francisco,ST=California,C=US / serial: B959B377BC9B01EE / notbefore: Oct 
18 01:35:05 2018 GMT / notafter: Oct 18 01:35:05 2019 GMT]
18 14:15:14.208953 [ssl:debug] ssl_engine_kernel.c(1749): AH02275: 
Certificate Verification, depth 0, CRL checking mode: none (0) [subject: 
emailAddress=test-...@httpd.apache.org,CN=client_ok,OU=httpd-test,O=ASF,L=San 
Francisco,ST=California,C=US / issuer: 
emailAddress=test-...@httpd.apache.org,CN=ca,OU=httpd-test,O=ASF,L=San 
Francisco,ST=California,C=US / serial: 09 / notbefore: Oct 18 01:35:08 
2018 GMT / notafter: Oct 18 01:35:08 2019 GMT]
18 14:15:14.209355 [ssl:debug] ssl_util_ocsp.c(99): AH01973: connecting 
to OCSP responder 'localhost:8529'
18 14:15:14.209449 [ssl:debug] ssl_util_ocsp.c(125): AH01975: sending 
request to OCSP responder
18 14:15:14.270405 [ssl:debug] ssl_util_ocsp.c(235): AH01981: OCSP 
response header: Date: Thu, 18 Oct 2018 12:15:14 GMT
18 14:15:14.270423 [ssl:debug] ssl_util_ocsp.c(235): AH01981: OCSP 
response header: Server: Apache/2.4.36 (Unix) OpenSSL/0.9.8zh
18 14:15:14.270428 [ssl:debug] ssl_util_ocsp.c(235): AH01981: OCSP 
response header: Vary: In-If1
18 14:15:14.270432 [ssl:debug] ssl_util_ocsp.c(235): AH01981: OCSP 
response header: DMMATCH1: 1
18 14:15:14.270436 [ssl:debug] ssl_util_ocsp.c(235): AH01981: OCSP 
response header: Connection: close
18 14:15:14.270440 [ssl:debug] ssl_util_ocsp.c(235): AH01981: OCSP 
response header: Content-Type: application/ocsp-response
18 14:15:14.276787 [ssl:error] AH01988: failed to decode OCSP response data
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
18 14:15:14.276823 [ssl:error] SSL Library Error: error:0D06B08E:asn1 
encoding routines:ASN1_D2I_READ_BIO:not enough data
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
18 14:15:14.276950 [ssl:info] AH02276: Certificate Verification: Error 
(50): application verification failure [subject: 
emailAddress=test-...@httpd.apache.org,CN=client_ok,OU=httpd-test,O=ASF,L=San 
Francisco,ST=California,C=US / issuer: 
emailAddress=test-...@httpd.apache.org,CN=ca,OU=httpd-test,O=ASF,L=San 
Francisco,ST=California,C=US / serial: 09 / notbefore: Oct 18 01:35:08 
2018 GMT / notafter: Oct 18 01:35:08 2019 GMT]
18 14:15:14.277136 [ssl:info] AH02008: SSL library error 1 in handshake 
(server localhost:8535)
18 14:15:14.277156 [ssl:info] SSL Library Error: error:140890B2:SSL 
routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned
18 14:15:14.277162 [ssl:info] AH01998: Connection closed to child 1 with 
abortive shutdown (server localhost:8535)

18 14:15:14.284803 [ssl:info] AH01964: Connection to child 0 established 
(server localhost:8535)
18 14:15:14.285098 [ssl:debug] ssl_engine_kernel.c(2328): AH02043: SSL 
virtual host for servername localhost found
18 14:15:14.326054 [ssl:debug] ssl_engine_kernel.c(1749): AH02275: 
Certificate Verification, depth 1, CRL checking mode: none (0) [subject: 
emailAddress=test-...@httpd.apache.org,CN=ca,OU=httpd-test,O=ASF,L=San 
Francisco,ST=California,C=US / issuer: 
emailAddress=test-...@httpd.apache.org,CN=ca,OU=httpd-test,O=ASF,L=San 
Francisco,ST=California,C=US / serial: B959B377BC9B01EE / notbefore: Oct 
18 01:35:05 2018 GMT / notafter: Oct 18 01:35:05 2019 GMT]
18 14:15:14.326248 [ssl:debug] ssl_engine_kernel.c(1749): AH02275: 
Certificate Verification, depth 0, CRL checking mode: none (0) [subject: 
emailAddress=test-...@httpd.apache.org,CN=client_revoked,OU=httpd-test,O=ASF,L=San 
Francisco,ST=California,C=US / issuer: 
emailAddress=test-...@httpd.apache.org,CN=ca,OU=httpd-test,O=ASF,L=San 
Francisco,ST=California,C=US / serial: 01 / notbefore: Oct 18 01:35:05 
2018 GMT / notafter: Oct 18 01:35:05 2019 GMT]
18 14:15:14.326491 [ssl:debug] ssl_util_ocsp.c(99): AH01973: connecting 
to OCSP responder 'localhost:8529'
18 14:15:14.326574 [ssl:debug] ssl_util_ocsp.c(125): AH01975: sending 
request to OCSP responder
18 14:15:14.371043 [ssl:debug] ssl_util_ocsp.c(235): AH01981: OCSP 
response header: Date: Thu, 18 Oct 2018 12:15:14 GMT
18 14:15:14.371060 [ssl:debug] ssl_util_ocsp.c(235): AH01981: OCSP 
response header: Server: Apache/2.4.36 (Unix) OpenSSL/0.9.8zh
18 14:15:14.371065 [ssl:debug] ssl_util_ocsp.c(235): AH01981: OCSP 
response header: Vary: In-If1
18 14:15:14.371070 [ssl:debug] ssl_util_ocsp.c(235): AH01981: OCSP 
response header: DMMATCH1: 1
18 14:15:14.371073 [ssl:debug] ssl_util_ocsp.c(235): AH01981: OCSP 
response header: Connection: close
18 14:15:14.371077 [ssl:debug] ssl_util_ocsp.c(235): AH01981: OCSP 
response header: Content-Type: application/ocsp-response
18 14:15:14.375883 [ssl:error] AH01988: failed to decode OCSP response data
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
18 14:15:14.375914 [ssl:error] SSL Library Error: error:0D06B08E:asn1 
encoding routines:ASN1_D2I_READ_BIO:not enough data
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
18 14:15:14.376043 [ssl:info] AH02276: Certificate Verification: Error 
(50): application verification failure [subject: 
emailAddress=test-...@httpd.apache.org,CN=client_revoked,OU=httpd-test,O=ASF,L=San 
Francisco,ST=California,C=US / issuer: 
emailAddress=test-...@httpd.apache.org,CN=ca,OU=httpd-test,O=ASF,L=San 
Francisco,ST=California,C=US / serial: 01 / notbefore: Oct 18 01:35:05 
2018 GMT / notafter: Oct 18 01:35:05 2019 GMT]
18 14:15:14.376227 [ssl:info] AH02008: SSL library error 1 in handshake 
(server localhost:8535)
18 14:15:14.376243 [ssl:info] SSL Library Error: error:140890B2:SSL 
routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned
18 14:15:14.376248 [ssl:info] AH01998: Connection closed to child 0 with 
abortive shutdown (server localhost:8535)

Regards,

Rainer