OCSP (mod_ssl) mishandles responses for responders in specific situations. For example, if a responder sends NULL or blank data but does not close the connection, mod_ssl unexpectedly ends the response.
Further information about this issue is available at <ulink url="http://openssl.6102.n7.nabble.com/Decoding-OCSP-response-data-ASN1-D2I-READ-BIO-not-enough-data-td24437.html"/>
Additionally, OCSP does not work as expected when used in conjunction with an intermediate CA (Certification Authority), for example when a CA is used for Apache configuration.
Further information about this issue is available at <ulink url="https://issues.apache.org/bugzilla/show_bug.cgi?id=46037"/>
As a result of these problems, cretin OCSP responders do not work as expected with JBoss Enterprise Web Server and intermediary CAs also do not work as expected. These problems are fixed in JBoss Enterprise Web Server 2.0.1 using a patch. As a result of the fix, third party OCSP responders and intermediary CAs work as expected with JBoss Enterprise Web Server.