Hello,
I.e., the following: Only ever do valid tickets end up in the cache.
After a period that is *shorter* than the ticket lifetime (one day in my
example), Apache tries to refresh the ticket. If a valid ticket is
returned by the responder, that ticket replaces the currently cached one
and is returned. If an invalid ticket ("try again" or timeout) is
returned by the responder, the valid cached ticket is returned.
Did you read
https://blog.hboeck.de/archives/886-The-Problem-with-OCSP-Stapling-and-Must-Staple-and-why-Certificate-Revocation-is-still-broken.html
? Judging by https://bz.apache.org/bugzilla/show_bug.cgi?id=57121 it is
still unfixed, I wonder why too.
--
With Best Regards,
Marat Khalili
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
