DO NOT REPLY [Bug 45522] New: OCSP URIs in mod_ssl: use default port and path (if not supplied explicitly)

bugzilla Fri, 01 Aug 2008 04:39:55 -0700

https://issues.apache.org/bugzilla/show_bug.cgi?id=45522


           Summary: OCSP URIs in mod_ssl: use default port and path (if not
                    supplied explicitly)
           Product: Apache httpd-2
           Version: 2.3-HEAD
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: normal
          Priority: P2
         Component: mod_ssl
        AssignedTo: [email protected]
        ReportedBy: [EMAIL PROTECTED]
                CC: [EMAIL PROTECTED]


Created an attachment (id=22344)
 --> (https://issues.apache.org/bugzilla/attachment.cgi?id=22344)
Proposed patch

When parsing OCSP responder URIs, mod_ssl currently requires them to be in the
format

  http://responder.example.com:8888/responder

Certificates from public CAs frequently omit both the port number and the
url-path component in the AIA extension, however. I.e. we normally see certs
with OCSP URIs such as

  http://EVIntl-ocsp.verisign.com
  http://ocsp.entrust.net
  http://ocsp.quovadisglobal.com
  http://ocsp.comodoca.com

etc. With the attached patch, mod_ssl will use the default port for HTTP and
"/" as the url-path for these "short forms" of OCSP responder URIs.


-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

DO NOT REPLY [Bug 45522] New: OCSP URIs in mod_ssl: use default port and path (if not supplied explicitly)

Reply via email to