httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 50740] Enable OCSP Stapling by default
Date Fri, 24 Jun 2011 13:47:26 GMT
https://issues.apache.org/bugzilla/show_bug.cgi?id=50740

--- Comment #10 from Koichi Sugimoto <koichi.sugimoto@globalsign.co.jp> 2011-06-24 13:47:26
UTC ---
Hello Sirs,

I've investigated with Opera 11.11, IE9 and Chrome 12.0.
The OCSP responder is deginated type (see below).
  http://tools.ietf.org/id/draft-cooper-pkix-rfc2560bis-00.txt
And the OCSP responder is configured to reply only ocsp signing certificate.

IE9 and Opera 11.11 seems to be work correctly with apache 2.3.12-bata.
But Chrome 12.0 requests directly to the OCSP responder, even if apache replies
ocsp response as certificate status.
I do not know whether it is Chrome's bug or some interoperability problem.

Note that the size of ocsp response is > 1K, therefore, we cannot use
socache-dbm (it's too small to chache the ocsp response).

We have to check with other types of ocsp responders.


Regards,
Koichi Sugimoto.

-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org


Mime
View raw message