Created attachment 758152 [details]
Full diff for patch
Description of problem:
OCSP (mod_ssl) does not properly handle responses properly to some responders.
- If a responder sends null or blank data (but dose not close the connection)
mod_ssl simply ends the response.
Issue best described by: http://openssl.6102.n7.nabble.com/Decoding-OCSP-response-data-ASN1-D2I-READ-BIO-not-enough-data-td24437.html
OCSP also does not work with an intermediate CA is in place (for Apache configuration)
Issue best described by: https://issues.apache.org/bugzilla/show_bug.cgi?id=46037
Diff is attached for both issues as well as fixed the init script handling
(it was changing files in the source directory which is really bad RPM practice).
Created attachment 758153 [details]
Also attaching test build of the patch.
Is this a late addition for the JBEWS 2.0.1 release notes? Drafting a release note if this is the case. If not, please correct me.
Setting need info for Wei Nan to confirm the above and to ACK the doc text.
Per Permaine, we're including this for 2.0.1 CR as well. I'm assuming that's acceptable to all. Please ACK for inclusion.
Verified on EWS 2.0.1 CR3 on Solaris 10,11 (Intel 32,64, SPARC), Windows 2008 (32, 64) and Windows 2008 R2 (64 bit)
- EWS 2.0.1 CR3 RHEL5 i386 zips
- EWS 2.0.1 CR3 RHEL5 x86_64 zips
- EWS 2.0.1 CR3 RHEL6 i386 zips
- EWS 2.0.1 CR3 RHEL6 x86_64 zips
*** Bug 972040 has been marked as a duplicate of this bug. ***
It was built for RHEL6 EWS 2.0.1.
Closing (and moving to https://bugzilla.redhat.com/show_bug.cgi?id=1012925)