Created attachment 1229112
potential fix

Description of problem:
When SSLOCSPEnable is set to On in global/server configuration, it is not inherited by VirtualHosts.

Version-Release number of selected component (if applicable):
httpd-2.2.26-55.ep6.el6.x86_64

Steps to Reproduce:
This is a simplified reproducer that does not actually perform OCSP check but you can see logging where it at least gets into OCSP code:

1. Install httpd and mod_ssl

2. Add the following configurations in ssl.conf but outside of the VirtualHost. I did have to create a CA and client cert but the Responder URL goes to nowhere.

    SSLCACertificateFile /tmp/cacert.crt
    SSLVerifyClient require
    SSLVerifyDepth 1
    SSLOCSPEnable On
    SSLOCSPDefaultResponder http://localhost:9999/
    SSLOCSPOverrideResponder On

3. Send request with a certificate signed by the /tmp/cacert.crt

    # curl -I -E ./cert.crt:test --key ./privkey.key -k https://localhost/
    HTTP/1.1 200 OK

4. The request above succeeds but should not because the OCSP responder is unreachable and cert cannot be validated.

Additional info:
If I move the configurations inside the VirtualHost, failure happens as expected and SSL handshake is not completed.

A patch is attached that works for me. Patch was generated for httpd-2.2.26-55.ep6.el6.x86_64
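
A configuration check for the condition this report describes, as an added example that is not part of the original report or the attached patch: it lists SSL VirtualHosts that rely on a server-scope SSLOCSPEnable On without restating it, which is the arrangement the report shows being silently ignored. The sample config is constructed, the function names are hypothetical, and the parser assumes a single flat file (no Include handling, no nested containers).

```python
import re

# Constructed sample mirroring the report: OCSP directives at server scope only.
SAMPLE_CONF = """\
SSLCACertificateFile /tmp/cacert.crt
SSLVerifyClient require
SSLOCSPEnable On
SSLOCSPDefaultResponder http://localhost:9999/
SSLOCSPOverrideResponder On
<VirtualHost _default_:443>
    SSLEngine on
</VirtualHost>
<VirtualHost *:8443>
    SSLEngine on
    SSLOCSPEnable On
</VirtualHost>
"""

def parse_scopes(conf_text):
    """Map each scope ('global' or the VirtualHost address) to its directives."""
    scopes, current = {"global": {}}, "global"
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opened = re.match(r"<VirtualHost\s+([^>]+)>", line, re.I)
        if opened:
            current = opened.group(1).strip()
            scopes[current] = {}
        elif line.lower().startswith("</virtualhost"):
            current = "global"
        elif not line.startswith("<"):  # other containers are not modelled
            parts = line.split(None, 1)
            scopes[current][parts[0].lower()] = parts[1] if len(parts) > 1 else ""
    return scopes

def vhosts_relying_on_inherited_ocsp(conf_text):
    """SSL vhosts that depend on a server-scope 'SSLOCSPEnable On' alone."""
    scopes = parse_scopes(conf_text)
    server = scopes.pop("global")
    if server.get("sslocspenable", "").lower() != "on":
        return []
    return [name for name, d in scopes.items()
            if d.get("sslengine", "").lower() == "on"
            and d.get("sslocspenable", "").lower() != "on"]

if __name__ == "__main__":
    for vhost in vhosts_relying_on_inherited_ocsp(SAMPLE_CONF):
        print(f"{vhost}: SSLOCSPEnable is set only at server scope; restate it here")
```

Each VirtualHost it reports is a candidate for the workaround given in the report: move the OCSP directives inside that VirtualHost.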