Red Hat Bugzilla – Bug 987851
Multiple Issues with OCSP
Last modified: 2013-09-27 07:45:12 EDT
This bug also applies to EAP 6's distributed http packages.
+++ This bug was initially created as a clone of Bug #971861 +++
Description of problem:
OCSP (mod_ssl) does not properly handle responses properly to some responders.
- If a responder sends null or blank data (but dose not close the connection)
mod_ssl simply ends the response.
Issue best described by: http://openssl.6102.n7.nabble.com/Decoding-OCSP-response-data-ASN1-D2I-READ-BIO-not-enough-data-td24437.html
OCSP also does not work with an intermediate CA is in place (for Apache configuration)
Issue best described by: https://issues.apache.org/bugzilla/show_bug.cgi?id=46037
Diff is attached for both issues as well as fixed the init script handling
(it was changing files in the source directory which is really bad RPM practice).
--- Additional comment from Eric Rich on 2013-06-07 08:56:51 EDT ---
Also attaching test build of the patch.
--- Additional comment from Misha H. Ali on 2013-06-10 01:03:58 EDT ---
Is this a late addition for the JBEWS 2.0.1 release notes? Drafting a release note if this is the case. If not, please correct me.
Setting need info for Wei Nan to confirm the above and to ACK the doc text.
--- Additional comment from Jimmy Wilson on 2013-06-10 23:14:04 EDT ---
Per Permaine, we're including this for 2.0.1 CR as well. I'm assuming that's acceptable to all. Please ACK for inclusion.
--- Additional comment from Libor Fuka on 2013-06-24 02:57:37 EDT ---
Verified on EWS 2.0.1 CR3 on Solaris 10,11 (Intel 32,64, SPARC), Windows 2008 (32, 64) and Windows 2008 R2 (64 bit)
--- Additional comment from Michal Haško on 2013-06-26 04:54:13 EDT ---
- EWS 2.0.1 CR3 RHEL5 i386 zips
- EWS 2.0.1 CR3 RHEL5 x86_64 zips
- EWS 2.0.1 CR3 RHEL6 i386 zips
- EWS 2.0.1 CR3 RHEL6 x86_64 zips
--- Additional comment from Libor Fuka on 2013-06-28 03:50:26 EDT ---
zips here: https://bugzilla.redhat.com/show_bug.cgi?id=987851
Only relevant for RPMs, zip httpd is from EWS-2.0.1, which already includes this fix.
VERIFIED during EAP-6.1.1-ER4 testing cycle:
The patch is present and applied in srpm.