httpd-bugs mailing list archives

From bugzi...@apache.org
Subject DO NOT REPLY [Bug 50740] Enable OCSP Stapling by default
Date Fri, 10 Jun 2011 13:10:40 GMT
https://issues.apache.org/bugzilla/show_bug.cgi?id=50740

--- Comment #6 from Koichi Sugimoto <koichi.sugimoto@globalsign.co.jp> 2011-06-10 13:10:40 UTC ---
(In reply to comment #5)
> What version of Windows are you using?
> IE8 on XP doesn't support OCSP Stapling.

I used IE8 on Windows 7.

> > Firefox shows "Invalid OCSP signing certificate in OCSP response." and stops
> > the connection.
> No version of Firefox supports OCSP Stapling yet.

OK.
I see.

> > The following error log was generated by the apache:
> > [Mon Jun 06 19:01:50.275314 2011] [ssl:error] [pid 17404:tid 3075525520]
> > stapling_check_response: response times invalid
> I wonder if the "response times invalid" error from Apache and the "Invalid
> OCSP signing certificate" error from Firefox are related.
> Has your OCSP Signing Certificate expired, by any chance?
> Is your httpd-2.3.12-beta server publicly accessible?

Sorry, my server is local.
I'm sure that the certificate is valid.
But my OCSP responder is the integrated type.
  http://www.ietf.org/id/draft-ietf-pkix-rfc2560bis-03.txt

Does Apache support this type of OCSP responder?
The following is the dump of my OCSP response:

E:\Public>openssl asn1parse -in resp.der -inform der -offset 30
    0:d=0  hl=4 l=2297 cons: SEQUENCE
    4:d=1  hl=3 l= 168 cons: SEQUENCE
    7:d=2  hl=2 l=  22 cons: cont [ 2 ]
    9:d=3  hl=2 l=  20 prim: OCTET STRING      [HEX DUMP]:98B84D5851AC6AC878CEF36D603630F42F376AC6
   31:d=2  hl=2 l=  15 prim: GENERALIZEDTIME   :20300610125444Z
   48:d=2  hl=2 l=  88 cons: SEQUENCE
   50:d=3  hl=2 l=  86 cons: SEQUENCE
   52:d=4  hl=2 l=  65 cons: SEQUENCE
   54:d=5  hl=2 l=   9 cons: SEQUENCE
   56:d=6  hl=2 l=   5 prim: OBJECT            :sha1
   63:d=6  hl=2 l=   0 prim: NULL
   65:d=5  hl=2 l=  20 prim: OCTET STRING      [HEX DUMP]:45C673D23D1D36BF2BC964CEDEEAF31633815019
   87:d=5  hl=2 l=  20 prim: OCTET STRING      [HEX DUMP]:98B84D5851AC6AC878CEF36D603630F42F376AC6
  109:d=5  hl=2 l=   8 prim: INTEGER           :233EBDF465BFE99F
  119:d=4  hl=2 l=   0 prim: cont [ 0 ]
  121:d=4  hl=2 l=  15 prim: GENERALIZEDTIME   :20300610125444Z
  138:d=2  hl=2 l=  35 cons: cont [ 1 ]
  140:d=3  hl=2 l=  33 cons: SEQUENCE
  142:d=4  hl=2 l=  31 cons: SEQUENCE
  144:d=5  hl=2 l=   9 prim: OBJECT            :OCSP Nonce
  155:d=5  hl=2 l=  18 prim: OCTET STRING      [HEX DUMP]:0410C4CC2C3B761AB9D2ABEB781E9D5A23C1
  175:d=1  hl=2 l=  13 cons: SEQUENCE
  177:d=2  hl=2 l=   9 prim: OBJECT            :sha1WithRSAEncryption
  188:d=2  hl=2 l=   0 prim: NULL
  190:d=1  hl=4 l= 257 prim: BIT STRING
  451:d=1  hl=4 l=1846 cons: cont [ 0 ]
  455:d=2  hl=4 l=1842 cons: SEQUENCE
  459:d=3  hl=4 l= 984 cons: SEQUENCE
  463:d=4  hl=4 l= 704 cons: SEQUENCE
  467:d=5  hl=2 l=   3 cons: cont [ 0 ]
  469:d=6  hl=2 l=   1 prim: INTEGER           :02
  472:d=5  hl=2 l=   8 prim: INTEGER           :583314EC6A82AAEF
  482:d=5  hl=2 l=  13 cons: SEQUENCE
  484:d=6  hl=2 l=   9 prim: OBJECT            :sha1WithRSAEncryption
  495:d=6  hl=2 l=   0 prim: NULL
  497:d=5  hl=2 l=  71 cons: SEQUENCE
  499:d=6  hl=2 l=  20 cons: SET
  501:d=7  hl=2 l=  18 cons: SEQUENCE
  503:d=8  hl=2 l=   3 prim: OBJECT            :commonName
  508:d=8  hl=2 l=  11 prim: PRINTABLESTRING   :TestRootCA1
  521:d=6  hl=2 l=  13 cons: SET
  523:d=7  hl=2 l=  11 cons: SEQUENCE
  525:d=8  hl=2 l=   3 prim: OBJECT            :organizationalUnitName
  530:d=8  hl=2 l=   4 prim: PRINTABLESTRING   :Test
  536:d=6  hl=2 l=  19 cons: SET
  538:d=7  hl=2 l=  17 cons: SEQUENCE
  540:d=8  hl=2 l=   3 prim: OBJECT            :organizationName
  545:d=8  hl=2 l=  10 prim: PRINTABLESTRING   :GlobalSign
  557:d=6  hl=2 l=  11 cons: SET
  559:d=7  hl=2 l=   9 cons: SEQUENCE
  561:d=8  hl=2 l=   3 prim: OBJECT            :countryName
  566:d=8  hl=2 l=   2 prim: PRINTABLESTRING   :JP
  570:d=5  hl=2 l=  30 cons: SEQUENCE
  572:d=6  hl=2 l=  13 prim: UTCTIME           :080422084249Z
  587:d=6  hl=2 l=  13 prim: UTCTIME           :130421084249Z
  602:d=5  hl=2 l=  78 cons: SEQUENCE
  604:d=6  hl=2 l=  27 cons: SET
  606:d=7  hl=2 l=  25 cons: SEQUENCE
  608:d=8  hl=2 l=   3 prim: OBJECT            :commonName
  613:d=8  hl=2 l=  18 prim: PRINTABLESTRING   :TestSubordinateCA1
  633:d=6  hl=2 l=  13 cons: SET
  635:d=7  hl=2 l=  11 cons: SEQUENCE
  637:d=8  hl=2 l=   3 prim: OBJECT            :organizationalUnitName
  642:d=8  hl=2 l=   4 prim: PRINTABLESTRING   :Test
  648:d=6  hl=2 l=  19 cons: SET
  650:d=7  hl=2 l=  17 cons: SEQUENCE
  652:d=8  hl=2 l=   3 prim: OBJECT            :organizationName
  657:d=8  hl=2 l=  10 prim: PRINTABLESTRING   :GlobalSign
  669:d=6  hl=2 l=  11 cons: SET
  671:d=7  hl=2 l=   9 cons: SEQUENCE
  673:d=8  hl=2 l=   3 prim: OBJECT            :countryName
  678:d=8  hl=2 l=   2 prim: PRINTABLESTRING   :JP
  682:d=5  hl=4 l= 290 cons: SEQUENCE
  686:d=6  hl=2 l=  13 cons: SEQUENCE
  688:d=7  hl=2 l=   9 prim: OBJECT            :rsaEncryption
  699:d=7  hl=2 l=   0 prim: NULL
  701:d=6  hl=4 l= 271 prim: BIT STRING
  976:d=5  hl=3 l= 192 cons: cont [ 3 ]
  979:d=6  hl=3 l= 189 cons: SEQUENCE
  982:d=7  hl=2 l=  29 cons: SEQUENCE
  984:d=8  hl=2 l=   3 prim: OBJECT            :X509v3 Subject Key Identifier
  989:d=8  hl=2 l=  22 prim: OCTET STRING      [HEX DUMP]:041498B84D5851AC6AC878CEF36D603630F42F376AC6
 1013:d=7  hl=2 l=  18 cons: SEQUENCE
 1015:d=8  hl=2 l=   3 prim: OBJECT            :X509v3 Basic Constraints
 1020:d=8  hl=2 l=   1 prim: BOOLEAN           :255
 1023:d=8  hl=2 l=   8 prim: OCTET STRING      [HEX DUMP]:30060101FF020100
 1033:d=7  hl=2 l=  31 cons: SEQUENCE
 1035:d=8  hl=2 l=   3 prim: OBJECT            :X509v3 Authority Key Identifier
 1040:d=8  hl=2 l=  24 prim: OCTET STRING      [HEX DUMP]:30168014ABF0A26A74DD4F49AF8E2A3CBBA2C89BECBA39A1
 1066:d=7  hl=2 l=  17 cons: SEQUENCE
 1068:d=8  hl=2 l=   3 prim: OBJECT            :X509v3 Certificate Policies
 1073:d=8  hl=2 l=  10 prim: OCTET STRING      [HEX DUMP]:300830060604551D2000
 1085:d=7  hl=2 l=  68 cons: SEQUENCE
 1087:d=8  hl=2 l=   3 prim: OBJECT            :X509v3 CRL Distribution Points
 1092:d=8  hl=2 l=  61 prim: OCTET STRING      [HEX DUMP]:303B3039A037A0358633687474703A2F2F67737465636831302E676C6F62616C7369676E2E636F6D2F63726C732F54657374526F6F744341312E63726C
 1155:d=7  hl=2 l=  14 cons: SEQUENCE
 1157:d=8  hl=2 l=   3 prim: OBJECT            :X509v3 Key Usage
 1162:d=8  hl=2 l=   1 prim: BOOLEAN           :255
 1165:d=8  hl=2 l=   4 prim: OCTET STRING      [HEX DUMP]:03020106
 1171:d=4  hl=2 l=  13 cons: SEQUENCE
 1173:d=5  hl=2 l=   9 prim: OBJECT            :sha1WithRSAEncryption
 1184:d=5  hl=2 l=   0 prim: NULL
 1186:d=4  hl=4 l= 257 prim: BIT STRING
 1447:d=3  hl=4 l= 850 cons: SEQUENCE
 1451:d=4  hl=4 l= 570 cons: SEQUENCE
 1455:d=5  hl=2 l=   3 cons: cont [ 0 ]
 1457:d=6  hl=2 l=   1 prim: INTEGER           :02
 1460:d=5  hl=2 l=   8 prim: INTEGER           :10E30DFE5E06C68A
 1470:d=5  hl=2 l=  13 cons: SEQUENCE
 1472:d=6  hl=2 l=   9 prim: OBJECT            :sha1WithRSAEncryption
 1483:d=6  hl=2 l=   0 prim: NULL
 1485:d=5  hl=2 l=  71 cons: SEQUENCE
 1487:d=6  hl=2 l=  20 cons: SET
 1489:d=7  hl=2 l=  18 cons: SEQUENCE
 1491:d=8  hl=2 l=   3 prim: OBJECT            :commonName
 1496:d=8  hl=2 l=  11 prim: PRINTABLESTRING   :TestRootCA1
 1509:d=6  hl=2 l=  13 cons: SET
 1511:d=7  hl=2 l=  11 cons: SEQUENCE
 1513:d=8  hl=2 l=   3 prim: OBJECT            :organizationalUnitName
 1518:d=8  hl=2 l=   4 prim: PRINTABLESTRING   :Test
 1524:d=6  hl=2 l=  19 cons: SET
 1526:d=7  hl=2 l=  17 cons: SEQUENCE
 1528:d=8  hl=2 l=   3 prim: OBJECT            :organizationName
 1533:d=8  hl=2 l=  10 prim: PRINTABLESTRING   :GlobalSign
 1545:d=6  hl=2 l=  11 cons: SET
 1547:d=7  hl=2 l=   9 cons: SEQUENCE
 1549:d=8  hl=2 l=   3 prim: OBJECT            :countryName
 1554:d=8  hl=2 l=   2 prim: PRINTABLESTRING   :JP
 1558:d=5  hl=2 l=  30 cons: SEQUENCE
 1560:d=6  hl=2 l=  13 prim: UTCTIME           :080422083552Z
 1575:d=6  hl=2 l=  13 prim: UTCTIME           :180420083552Z
 1590:d=5  hl=2 l=  71 cons: SEQUENCE
 1592:d=6  hl=2 l=  20 cons: SET
 1594:d=7  hl=2 l=  18 cons: SEQUENCE
 1596:d=8  hl=2 l=   3 prim: OBJECT            :commonName
 1601:d=8  hl=2 l=  11 prim: PRINTABLESTRING   :TestRootCA1
 1614:d=6  hl=2 l=  13 cons: SET
 1616:d=7  hl=2 l=  11 cons: SEQUENCE
 1618:d=8  hl=2 l=   3 prim: OBJECT            :organizationalUnitName
 1623:d=8  hl=2 l=   4 prim: PRINTABLESTRING   :Test
 1629:d=6  hl=2 l=  19 cons: SET
 1631:d=7  hl=2 l=  17 cons: SEQUENCE
 1633:d=8  hl=2 l=   3 prim: OBJECT            :organizationName
 1638:d=8  hl=2 l=  10 prim: PRINTABLESTRING   :GlobalSign
 1650:d=6  hl=2 l=  11 cons: SET
 1652:d=7  hl=2 l=   9 cons: SEQUENCE
 1654:d=8  hl=2 l=   3 prim: OBJECT            :countryName
 1659:d=8  hl=2 l=   2 prim: PRINTABLESTRING   :JP
 1663:d=5  hl=4 l= 290 cons: SEQUENCE
 1667:d=6  hl=2 l=  13 cons: SEQUENCE
 1669:d=7  hl=2 l=   9 prim: OBJECT            :rsaEncryption
 1680:d=7  hl=2 l=   0 prim: NULL
 1682:d=6  hl=4 l= 271 prim: BIT STRING
 1957:d=5  hl=2 l=  66 cons: cont [ 3 ]
 1959:d=6  hl=2 l=  64 cons: SEQUENCE
 1961:d=7  hl=2 l=  29 cons: SEQUENCE
 1963:d=8  hl=2 l=   3 prim: OBJECT            :X509v3 Subject Key Identifier
 1968:d=8  hl=2 l=  22 prim: OCTET STRING      [HEX DUMP]:0414ABF0A26A74DD4F49AF8E2A3CBBA2C89BECBA39A1
 1992:d=7  hl=2 l=  15 cons: SEQUENCE
 1994:d=8  hl=2 l=   3 prim: OBJECT            :X509v3 Basic Constraints
 1999:d=8  hl=2 l=   1 prim: BOOLEAN           :255
 2002:d=8  hl=2 l=   5 prim: OCTET STRING      [HEX DUMP]:30030101FF
 2009:d=7  hl=2 l=  14 cons: SEQUENCE
 2011:d=8  hl=2 l=   3 prim: OBJECT            :X509v3 Key Usage
 2016:d=8  hl=2 l=   1 prim: BOOLEAN           :255
 2019:d=8  hl=2 l=   4 prim: OCTET STRING      [HEX DUMP]:03020106
 2025:d=4  hl=2 l=  13 cons: SEQUENCE
 2027:d=5  hl=2 l=   9 prim: OBJECT            :sha1WithRSAEncryption
 2038:d=5  hl=2 l=   0 prim: NULL
 2040:d=4  hl=4 l= 257 prim: BIT STRING

-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
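
Added example, not part of the original message or of httpd: a thisUpdate/nextUpdate window check modelled on OpenSSL's OCSP_check_validity, run over the time fields of the asn1parse dump above with the message's Date header as the reference clock. The depth-to-field mapping, the 300-second skew and all function names are assumptions made for this example.

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed sample: the time-bearing lines and their neighbours, copied from
# the asn1parse dump in the message above (parse starts at BasicOCSPResponse).
SAMPLE = """\
    4:d=1  hl=3 l= 168 cons: SEQUENCE
   31:d=2  hl=2 l=  15 prim: GENERALIZEDTIME   :20300610125444Z
  119:d=4  hl=2 l=   0 prim: cont [ 0 ]
  121:d=4  hl=2 l=  15 prim: GENERALIZEDTIME   :20300610125444Z
  138:d=2  hl=2 l=  35 cons: cont [ 1 ]
"""
TIME_LINE = re.compile(
    r"^\s*\d+:d=(\d+)\s+hl=\d+\s+l=\s*\d+\s+prim:\s+GENERALIZEDTIME\s+:(\d{14})Z\s*$")
# Assumption: nesting depth of each field for a response with one SingleResponse.
FIELD_BY_DEPTH = {2: "producedAt", 4: "thisUpdate", 5: "nextUpdate"}

def extract_times(dump):
    """Map field name -> UTC datetime for each GENERALIZEDTIME found."""
    times = {}
    for line in dump.splitlines():
        m = TIME_LINE.match(line)
        field = FIELD_BY_DEPTH.get(int(m.group(1))) if m else None
        if field and field not in times:
            ts = datetime.strptime(m.group(2), "%Y%m%d%H%M%S")
            times[field] = ts.replace(tzinfo=timezone.utc)
    return times

def check_times(times, now, skew=300, max_age=None):
    """Return the list of window violations; empty means the times are usable."""
    this_upd, next_upd = times.get("thisUpdate"), times.get("nextUpdate")
    if this_upd is None:
        return ["thisUpdate missing"]
    tol, problems = timedelta(seconds=skew), []
    if this_upd > now + tol:              # issued in the future beyond the skew
        problems.append("thisUpdate not yet valid")
    if max_age is not None and this_upd < now - timedelta(seconds=max_age):
        problems.append("thisUpdate too old")
    if next_upd is not None:              # nextUpdate is optional
        if next_upd < now - tol:
            problems.append("nextUpdate expired")
        if next_upd < this_upd:
            problems.append("nextUpdate before thisUpdate")
    return problems

# Reference clock: the Date header of the message (2011-06-10 13:10:40 GMT).
MESSAGE_DATE = datetime(2011, 6, 10, 13, 10, 40, tzinfo=timezone.utc)
if __name__ == "__main__":
    print(check_times(extract_times(SAMPLE), MESSAGE_DATE))
```

Against the message date, both producedAt and thisUpdate in the dump read 2030-06-10, and the response carries no nextUpdate, so the only violation reported is the not-yet-valid thisUpdate.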

