https://issues.apache.org/bugzilla/show_bug.cgi?id=54357
Alex Bligh <[email protected]> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #32010|0 |1 is obsolete| | --- Comment #13 from Alex Bligh <[email protected]> --- Created attachment 32021 --> https://issues.apache.org/bugzilla/attachment.cgi?id=32021&action=edit v2 Proof of concept patch to address the issue Attached is a revised proof of concept patch to address the issue. This moves the storage of the stapling information to the modssl_pk_server_t structure, and out of X509 ex_data, which is the source of the issue. It thus has a server lifetime. Please note this is COMPILE TESTED ONLY. IE I have not checked whether it actually works at all. Also note that I am almost entirely unfamiliar with OCSP. This addresses the following comments: - The patch is now against trunk - Rather than storing one set of stapling info per modssl_pk_server_t, there is now a hash based on the SHA1 digest of the certificate data - It's also even smaller than the previous attempt -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
