httpd-bugs mailing list archives

From bugzi...@apache.org
Subject DO NOT REPLY [Bug 50740] Enable OCSP Stapling by default
Date Tue, 07 Jun 2011 02:54:31 GMT
https://issues.apache.org/bugzilla/show_bug.cgi?id=50740

--- Comment #4 from Koichi Sugimoto <koichi.sugimoto@globalsign.co.jp> 2011-06-07 02:54:31
UTC ---
I've now been investigating whether the stapling works correctly.
The build completed successfully and the apache process was invoked without error.
But when I access the apache via IE8 and Firefox 3.5, no OCSP request comes
from the apache.

The browser's behaviour:
IE8 directly requests to the OCSP responder.
Firefox shows "Invalid OCSP signing certificate in OCSP response." and stops
the connection.

The following is my environment:
The version of the apache is httpd-2.3.12-beta.
The openssl version is 1.0.0.
The OS is CentOS 5.

The corresponding configuration has the following fields:
SSLStaplingCache dbm:/tmp/staples
SSLUseStapling on
SSLCACertificateFile "/usr/local/apache_ocsp/conf/server-ca.crt"


The following error log was generated by the apache:
[Mon Jun 06 19:01:50.275314 2011] [ssl:error] [pid 17404:tid 3075525520]
stapling_check_response: response times invalid
[Mon Jun 06 19:01:50.275376 2011] [ssl:error] [pid 17404:tid 3075525520]
stapling_renew_response: error in retreived response!
[Mon Jun 06 19:01:50.275394 2011] [ssl:error] [pid 17404:tid 3075525520]
stapling_cache_response: OCSP response session store error!
[Mon Jun 06 19:01:50.275404 2011] [ssl:error] [pid 17404:tid 3075525520]
stapling_renew_response: error caching response!

After that I've adjusted the machine time, but nothing changed.

Is there any code fix required?
Or some additional setting?
