https://bz.apache.org/bugzilla/show_bug.cgi?id=58826

            Bug ID: 58826
           Summary: OCSP Stapling does not resolve DNS
           Product: Apache httpd-2
           Version: 2.4.18
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: critical
          Priority: P2
         Component: mod_ssl
          Assignee: [email protected]
          Reporter: [email protected]

I have configured an OCSP responder with OpenSSL 1.0.2d for testing purposes.
In Apache 2.4.18 I have the following configurations:

SSLUseStapling on
SSLStaplingCache shmcb:${APACHE_RUN_DIR}/stapling_cache(128000)
SSLStaplingStandardCacheTimeout 60
SSLStaplingForceURL http://127.0.0.1
#SSLStaplingForceURL http://cafe.ro

And in the /etc/hosts file I have:

127.0.0.1       localhost cafe.ro

When the OCSP URL is set to http://127.0.0.1, Apache sends OCSP Request messages,
so everything seems to be OK.

The problem is that when the OCSP URL is set to http://cafe.ro, Apache does not
send OCSP Requests anymore, so I assume that it doesn't resolve DNS.

Does anybody know what the problem is?

These errors are from the Apache error.log:

[ssl:error] [pid 12647:tid 139684667709184] (111)Connection refused: [client
127.0.0.1:48742] AH01974: could not connect to OCSP responder 'cafe.ro'
[ssl:error] [pid 12647:tid 139684667709184] AH01941: stapling_renew_response:
responder error

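The question in this report is whether the failure happens at name resolution or at the TCP connect. The following is an added example, not part of the bug report or of mod_ssl: a hypothetical helper, probe_responder, that resolves the host of an SSLStaplingForceURL value through the system resolver and attempts a TCP connect to every address returned, reporting the two stages separately.

```python
import errno
import socket
import sys
from urllib.parse import urlsplit


def probe_responder(url, timeout=3.0):
    """Return (resolve_error, results) for an OCSP responder URL.

    resolve_error is None when the name resolved; results holds one
    (address, port, outcome) tuple per resolved address, where outcome is
    "connected" or the errno name of the failed connect.
    """
    parts = urlsplit(url)
    host = parts.hostname
    if not host:
        return "no host in URL", []
    port = parts.port or (443 if parts.scheme == "https" else 80)
    try:
        # System resolver: /etc/hosts and DNS, as ordered in nsswitch.conf.
        infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror as exc:
        return "resolution failed: %s" % exc, []

    results, seen = [], set()
    for family, socktype, proto, _canon, sockaddr in infos:
        if sockaddr in seen:
            continue
        seen.add(sockaddr)
        try:
            with socket.socket(family, socktype, proto) as sock:
                sock.settimeout(timeout)
                code = sock.connect_ex(sockaddr)
        except OSError as exc:  # e.g. address family not usable on this host
            code = exc.errno or -1
        outcome = "connected" if code == 0 else errno.errorcode.get(code, str(code))
        results.append((sockaddr[0], sockaddr[1], outcome))
    return None, results


if __name__ == "__main__":
    # Default is the SSLStaplingForceURL value from the report.
    target = sys.argv[1] if len(sys.argv) > 1 else "http://127.0.0.1"
    error, attempts = probe_responder(target)
    print(target, "->", error or "resolved")
    for address, port, outcome in attempts:
        print("  %s port %d: %s" % (address, port, outcome))
```

On Linux, ECONNREFUSED is errno 111, the number shown in parentheses in the log excerpt above.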