httpd-dev mailing list archives

From Tim Bannister
Subject Re: SSLUseStapling: ssl handshake fails until httpd restart
Date Sun, 04 Oct 2015 10:46:43 GMT
On 4 Oct 2015, at 11:38, Kaspar Brand wrote:
> As far as the mod_ssl side is related, it seems to me that for the
> "SSLStaplingReturnResponderErrors off" case, we should make sure that we
> only staple responses with status "good" (i.e. OCSP_RESPONSE_STATUS_SUCCESSFUL
> and V_OCSP_CERTSTATUS_GOOD for the cert).

If the OCSP response is successful but the status isn't V_OCSP_CERTSTATUS_GOOD, I'd want httpd
to at least log a warning (as well as not stapling the OCSP information). Maybe even add a
Warning: header for any client that's interested.

I can attempt a patch for this if other people think it'd be useful.

Tim Bannister –
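
The check discussed in this message, sketched as an added example that is not mod_ssl code and not from either poster: a stdlib-only Python model that reads responseStatus and each certStatus out of a DER OCSPResponse, staples only when both are "good", and logs a warning otherwise. The helper names (`elems`, `ocsp_status`, `should_staple`, `tlv`, `sample`) and the sample responses are constructed for illustration; signature and validity-period checks are assumed to happen elsewhere.

```python
import logging

OCSP_RESPONSE_STATUS_SUCCESSFUL = 0  # numeric values as in OpenSSL's ocsp.h
V_OCSP_CERTSTATUS_GOOD = 0           # 1 = revoked, 2 = unknown

def elems(buf):
    """Split DER bytes into (tag, body) pairs, one per top-level element."""
    out, pos = [], 0
    while pos < len(buf):
        tag, length, pos = buf[pos], buf[pos + 1], pos + 2
        if length & 0x80:  # long form: low 7 bits give the number of length bytes
            length, pos = int.from_bytes(buf[pos:pos + (length & 0x7F)], "big"), pos + (length & 0x7F)
        if pos + length > len(buf):
            raise ValueError("truncated DER")
        out.append((tag, buf[pos:pos + length]))
        pos += length
    return out

def ocsp_status(der):
    """Return (responseStatus, [certStatus per SingleResponse: 0 good, 1 revoked, 2 unknown])."""
    parts = elems(elems(der)[0][1])  # ENUMERATED, then optional [0] responseBytes
    status = int.from_bytes(parts[0][1], "big")
    if status != OCSP_RESPONSE_STATUS_SUCCESSFUL or len(parts) < 2:
        return status, []
    _oid, (_, basic_der) = elems(elems(parts[1][1])[0][1])
    tbs = elems(elems(elems(basic_der)[0][1])[0][1])  # ResponseData fields
    responses = next(b for t, b in tbs if t == 0x30)  # SEQUENCE OF SingleResponse
    return status, [elems(s)[1][0] & 0x1F for _, s in elems(responses)]

def should_staple(der):
    """Staple only a successful response whose cert statuses are all good; warn otherwise."""
    try:
        status, certs = ocsp_status(der)
    except (IndexError, ValueError, StopIteration):
        status, certs = "unparseable", []
    ok = status == OCSP_RESPONSE_STATUS_SUCCESSFUL and set(certs) == {V_OCSP_CERTSTATUS_GOOD}
    if not ok:
        logging.warning("not stapling: responseStatus=%s certStatus=%s", status, certs)
    return ok

def tlv(tag, body=b""):  # DER encoder; short-form length is enough for the sample
    return bytes([tag, len(body)]) + body

def sample(resp_status, cert_status):  # constructed, unsigned; CertID, responder, times are dummies
    when = tlv(0x18, b"20151004104643Z")
    single = tlv(0x30, tlv(0x30, tlv(0x04, b"\0" * 4)) + cert_status + when)
    tbs = tlv(0x30, tlv(0xA2, tlv(0x04, b"\0" * 20)) + when + tlv(0x30, single))
    basic = tlv(0x30, tbs + tlv(0x30) + tlv(0x03, b"\0"))
    rb = tlv(0xA0, tlv(0x30, tlv(0x06, bytes.fromhex("2b0601050507300101")) + tlv(0x04, basic)))
    return tlv(0x30, tlv(0x0A, bytes([resp_status])) + (rb if resp_status == 0 else b""))
```

`sample(0, tlv(0x80))` builds a "good" response, `tlv(0xA1, ...)` a revoked one and `tlv(0x82)` an unknown one; only the first passes `should_staple`.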
