Bug 987851 - Multiple Issues with OCSP
Status: CLOSED CURRENTRELEASE
Product: JBoss Enterprise Application Platform 6
Classification: JBoss
Component: Apache Server (httpd) and Connectors
Version: 6.0.1
Hardware: Unspecified
OS: All
Priority: unspecified
Severity: high
Target Milestone: ER4
Target Release: EAP 6.1.1
Assigned To: Mladen Turk
Depends On: 971861 1012925
Blocks: 972040
Reported: 2013-07-24 05:55 EDT by Ingo Weiss
Modified: 2013-09-27 07:45 EDT
Doc Type: Bug Fix
Clone Of: 971861
Last Closed: 2013-09-16 16:30:17 EDT
Type: Bug

Description Ingo Weiss 2013-07-24 05:55:33 EDT
This bug also applies to EAP 6's distributed http packages.

+++ This bug was initially created as a clone of Bug #971861 +++

Description of problem:

OCSP (mod_ssl) does not properly handle responses from some responders.
   - If a responder sends null or blank data (but does not close the connection)
     mod_ssl simply ends the response.
   Issue best described by: http://openssl.6102.n7.nabble.com/Decoding-OCSP-response-data-ASN1-D2I-READ-BIO-not-enough-data-td24437.html

OCSP also does not work when an intermediate CA is in place (for Apache configuration)

   Issue best described by: https://issues.apache.org/bugzilla/show_bug.cgi?id=46037


Diff is attached for both issues, as well as a fix for the init script handling
   (it was changing files in the source directory, which is really bad RPM practice).

--- Additional comment from Eric Rich on 2013-06-07 08:56:51 EDT ---

Also attaching test build of the patch.

--- Additional comment from Misha H. Ali on 2013-06-10 01:03:58 EDT ---

Is this a late addition for the JBEWS 2.0.1 release notes? Drafting a release note if this is the case. If not, please correct me.

Setting need info for Wei Nan to confirm the above and to ACK the doc text.

--- Additional comment from Jimmy Wilson on 2013-06-10 23:14:04 EDT ---

Per Permaine, we're including this for 2.0.1 CR as well.  I'm assuming that's acceptable to all.  Please ACK for inclusion.

--- Additional comment from Libor Fuka on 2013-06-24 02:57:37 EDT ---

Verified on EWS 2.0.1 CR3 on Solaris 10,11 (Intel 32,64, SPARC), Windows 2008 (32, 64) and Windows 2008 R2 (64 bit)

--- Additional comment from Michal Haško on 2013-06-26 04:54:13 EDT ---

VERIFIED on
 - EWS 2.0.1 CR3 RHEL5 i386 zips
 - EWS 2.0.1 CR3 RHEL5 x86_64 zips
 - EWS 2.0.1 CR3 RHEL6 i386 zips
 - EWS 2.0.1 CR3 RHEL6 x86_64 zips
 - httpd-2.2.22-23.ep6.el5.src.rpm
 - httpd-2.2.22-23.ep6.el6.src.rpm

--- Additional comment from Libor Fuka on 2013-06-28 03:50:26 EDT ---
Comment 1 Weinan Li 2013-07-27 06:40:40 EDT
zips here: https://bugzilla.redhat.com/show_bug.cgi?id=987851
Comment 2 Michal Haško 2013-08-08 05:23:19 EDT
Only relevant for RPMs, zip httpd is from EWS-2.0.1, which already includes this fix.

VERIFIED during EAP-6.1.1-ER4 testing cycle:
httpd-2.2.22-25.ep6.el5.src.rpm
httpd-2.2.22-25.ep6.el6.src.rpm

The patch is present and applied in srpm.
