Mailing List Archive

[Bug 64135] OCSP Stapling doesn't handle Keep-Alive responses properly, causing delays/timeouts
https://bz.apache.org/bugzilla/show_bug.cgi?id=64135

--- Comment #1 from Giovanni Bechis <giovanni@paclan.it> ---
Created attachment 37011
--> https://bz.apache.org/bugzilla/attachment.cgi?id=37011&action=edit
Possible fix

A possible fix could be to force a connection closure as soon as a correct
reply from the OCSP server has arrived, not sure if it's done in the correct
code-path anyway.

--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
[Bug 64135] OCSP Stapling doesn't handle Keep-Alive responses properly, causing delays/timeouts [ In reply to ]
https://bz.apache.org/bugzilla/show_bug.cgi?id=64135

--- Comment #2 from Ruediger Pluem <rpluem@apache.org> ---
(In reply to Giovanni Bechis from comment #1)
> Created attachment 37011 [details]
> Possible fix
>
> A possible fix could be to force a connection closure as soon as a correct
> reply from the OCSP server has arrived, not sure if it's done in the correct
> code-path anyway.

Maybe I misunderstood the issue. You are talking about the HTTP connection to
the OCSP server / responder, correct? But the patch disables the keepalive on
the connection to the client (e.g. the browser). If you want to disable the
keepalive on the connection to the OCSP server / have it closed after the
request IMHO the following patch should do it:

Index: ssl_util_ocsp.c
===================================================================
--- ssl_util_ocsp.c (revision 1873895)
+++ ssl_util_ocsp.c (working copy)
@@ -46,6 +46,7 @@
BIO_printf(bio, "%s%s%s HTTP/1.0\r\n"
"Host: %s:%d\r\n"
"Content-Type: application/ocsp-request\r\n"
+ "Connection: close\r\n"
"Content-Length: %d\r\n"
"\r\n",
uri->path ? uri->path : "/",

--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
[Bug 64135] OCSP Stapling doesn't handle Keep-Alive responses properly, causing delays/timeouts [ In reply to ]
https://bz.apache.org/bugzilla/show_bug.cgi?id=64135

--- Comment #3 from Giovanni Bechis <giovanni@paclan.it> ---
You understood perfectly and your diff makes absolutely sense.

--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
[Bug 64135] OCSP Stapling doesn't handle Keep-Alive responses properly, causing delays/timeouts [ In reply to ]
https://bz.apache.org/bugzilla/show_bug.cgi?id=64135

--- Comment #4 from Ruediger Pluem <rpluem@apache.org> ---
(In reply to Giovanni Bechis from comment #3)
> You understood perfectly and your diff makes absolutely sense.

Can you confirm that the patch fixes your issue?

--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
[Bug 64135] OCSP Stapling doesn't handle Keep-Alive responses properly, causing delays/timeouts [ In reply to ]
https://bz.apache.org/bugzilla/show_bug.cgi?id=64135

--- Comment #5 from Giovanni Bechis <giovanni@paclan.it> ---
Yes, the patch fixes the issue.

--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
[Bug 64135] OCSP Stapling doesn't handle Keep-Alive responses properly, causing delays/timeouts [ In reply to ]
https://bz.apache.org/bugzilla/show_bug.cgi?id=64135

--- Comment #6 from Ruediger Pluem <rpluem@apache.org> ---
Commited to trunk as r1874007.

--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
[Bug 64135] OCSP Stapling doesn't handle Keep-Alive responses properly, causing delays/timeouts [ In reply to ]
https://bz.apache.org/bugzilla/show_bug.cgi?id=64135

Giovanni Bechis <giovanni@paclan.it> changed:

What |Removed |Added
----------------------------------------------------------------------------
Keywords| |FixedInTrunk

--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org