httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 45522] New: OCSP URIs in mod_ssl: use default port and path (if not supplied explicitly)
Date Fri, 01 Aug 2008 11:39:18 GMT
https://issues.apache.org/bugzilla/show_bug.cgi?id=45522

           Summary: OCSP URIs in mod_ssl: use default port and path (if not
                    supplied explicitly)
           Product: Apache httpd-2
           Version: 2.3-HEAD
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: normal
          Priority: P2
         Component: mod_ssl
        AssignedTo: bugs@httpd.apache.org
        ReportedBy: asfbugz@velox.ch
                CC: jorton@redhat.com


Created an attachment (id=22344)
 --> (https://issues.apache.org/bugzilla/attachment.cgi?id=22344)
Proposed patch

When parsing OCSP responder URIs, mod_ssl currently requires them to be in the
format

  http://responder.example.com:8888/responder

Certificates from public CAs frequently omit both the port number and the
url-path component in the AIA extension, however. I.e. we normally see certs
with OCSP URIs such as

  http://EVIntl-ocsp.verisign.com
  http://ocsp.entrust.net
  http://ocsp.quovadisglobal.com
  http://ocsp.comodoca.com

etc. With the attached patch, mod_ssl will use the default port for HTTP and
"/" as the url-path for these "short forms" of OCSP responder URIs.


-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org


Mime
View raw message