This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat.git
commit cc086f92e506445602a5cb555efc44fa79ec989c Author: Mark Thomas <[email protected]> AuthorDate: Wed Mar 11 22:26:02 2026 +0000 Align the FFM handling of OCSP TRY_LATER responses with Tomcat Native. Patch by remm --- java/org/apache/tomcat/util/net/openssl/panama/OpenSSLEngine.java | 2 ++ webapps/docs/changelog.xml | 4 ++++ 2 files changed, 6 insertions(+) diff --git a/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLEngine.java b/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLEngine.java index f3ce726f2f..1b0a2aa596 100644 --- a/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLEngine.java +++ b/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLEngine.java @@ -1403,6 +1403,8 @@ public final class OpenSSLEngine extends SSLEngine implements SSLUtil.ProtocolIn return V_OCSP_CERTSTATUS_UNKNOWN(); } return status; + } else { + X509_STORE_CTX_set_error(x509ctx, X509_V_ERR_UNABLE_TO_GET_CRL()); } } } catch (IOException ioe) { diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index eb6aa059da..2f9493927c 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -300,6 +300,10 @@ <update> Update the recommended version for Tomcat Native 2.x to 2.0.14. (markt) </update> + <fix> + Align the FFM handling of OCSP <code>TRY_LATER</code> responses with + Tomcat Native. (remm) + </fix> </changelog> </subsection> <subsection name="Jasper"> --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
