Re: ocsp_force_default initialized with UNSET in httpd 2.4.34


It looks as if that was added when ylavic backported?

r1834089 has the change, but is supposed to be a merge of r1826995, r1827001 where this change is not present? (If I read that correctly).

> On 18.07.2018 at 10:19, Frank Meier <frank.meier@xxxxxxxx> wrote:
> 
> We experience a problem with OCSP since Apache HTTP Server 2.4.34. Certificates which do include an OCSP responder URL and worked well with 2.4.33 are now reported that they don't. Log Message: "AH01918: no OCSP responder specified in certificate and no default configured".
> 
> After git bisect I found the commit which introduced this behaviour [1]. And more precisely the line in "ssl_engine_config.c" where "ocsp_force_default" is initialized with "UNSET" where in 2.4.33 it was initialized with "FALSE". This is a problem, because "ocsp_force_default" is used in an if condition without comparison operator in ssl_engine_ocsp.c:64, therefore resulting in TRUE even if it is UNSET.
> 
> I propose 2 ways of fixing this. Either let the initialization be like in 2.4.33 (ocsp-fix.patch) or compare the "ocsp_force_default" flag with "TRUE" where it is used (ocsp-fix2.patch).
> 
> [1] https://github.com/apache/httpd/commit/7c64b2e46820d5d7576d9f601142cd33c5c8c42b
> 
> Cheers, Frank
> <ocsp-fix.patch><ocsp-fix2.patch>
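
Added example, not part of the original messages and not httpd's own code: a simplified model of the tri-state flag problem reported above, showing the bare truthiness test next to the explicit comparison with TRUE. The struct, the function names, the sample URL and the value -1 for the unset state are assumptions of this sketch.

```c
#include <stddef.h>
#include <stdio.h>

/* Tri-state directive flag. The value -1 for "unset" is an assumption of
 * this sketch; any nonzero sentinel behaves the same way in a bare if(). */
enum { FLAG_UNSET = -1, FLAG_FALSE = 0, FLAG_TRUE = 1 };

/* Hypothetical, simplified stand-in for the per-server OCSP settings. */
struct ocsp_cfg {
    int force_default;             /* tri-state flag */
    const char *default_responder; /* NULL when none is configured */
};

/* Reported pattern: the flag is tested without a comparison operator, so
 * FLAG_UNSET counts as "on" and the certificate's URL is never consulted. */
const char *pick_responder_truthy(const struct ocsp_cfg *c, const char *cert_url)
{
    if (c->force_default)
        return c->default_responder;
    return cert_url ? cert_url : c->default_responder;
}

/* Second proposed fix: only an explicit TRUE forces the default responder. */
const char *pick_responder_explicit(const struct ocsp_cfg *c, const char *cert_url)
{
    if (c->force_default == FLAG_TRUE)
        return c->default_responder;
    return cert_url ? cert_url : c->default_responder;
}

int main(void)
{
    const char *cert_url = "http://ocsp.example.test/"; /* constructed sample */
    struct ocsp_cfg c = { FLAG_UNSET, NULL };            /* nothing configured */
    const char *r;

    r = pick_responder_truthy(&c, cert_url);
    printf("UNSET, truthy test:   %s\n", r ? r : "(none) -> 'no OCSP responder' error");
    r = pick_responder_explicit(&c, cert_url);
    printf("UNSET, == TRUE test:  %s\n", r ? r : "(none)");

    c.force_default = FLAG_FALSE; /* first proposed fix: initialise to FALSE */
    r = pick_responder_truthy(&c, cert_url);
    printf("FALSE, truthy test:   %s\n", r ? r : "(none)");
    return 0;
}
```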



