Re: svn commit: r1874007 - in /httpd/httpd/trunk: CHANGES modules/ssl/ssl_util_ocsp.c

Fri, 14 Feb 2020 09:06:49 -0800 

Hi,

purely speculative, but does a:
   apr_table_set(headers, "Connection", "close");

around line 812 of md_oscp.c also makes sense?

CJ

Le 14/02/2020 à 10:38, [email protected] a écrit :

Author: rpluem
Date: Fri Feb 14 09:38:12 2020
New Revision: 1874007

URL: http://svn.apache.org/viewvc?rev=1874007&view=rev
Log:
* modules/ssl/ssl_util_ocsp.c (serialize_request): Set the Connection header
   to close to indicate that we do not want to keep the HTTP connection to the
   OCSP responder alive. We don't reuse the connections currently and if the
   OCSP responder keeps the connection alive this could cause us to wait for
   keepalive timeout of the OCSP responder to timeout until we finish our
   reading of the OCSP response.

PR: 64135


Modified:
     httpd/httpd/trunk/CHANGES
     httpd/httpd/trunk/modules/ssl/ssl_util_ocsp.c

Modified: httpd/httpd/trunk/CHANGES
URL: 
http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?rev=1874007&r1=1874006&r2=1874007&view=diff
==============================================================================
--- httpd/httpd/trunk/CHANGES [utf-8] (original)
+++ httpd/httpd/trunk/CHANGES [utf-8] Fri Feb 14 09:38:12 2020
@@ -1,6 +1,9 @@
                                                           -*- coding: utf-8 -*-
  Changes with Apache 2.5.1
+ *) mod_ssl: Do not keep connections to OCSP responders alive when doing 
+     OCSP requests.  PR 64135.  [Ruediger Pluem]
+
    *) mod_ssl: Disable client verification on ACME ALPN challenges. Fixes 
github
       issue mod_md#172 (https://github.com/icing/mod_md/issues/172).
       [Michael Kaufmann <mail michael-kaufmann.ch>, Stefan Eissing]

Modified: httpd/httpd/trunk/modules/ssl/ssl_util_ocsp.c
URL: 
http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/ssl_util_ocsp.c?rev=1874007&r1=1874006&r2=1874007&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/ssl/ssl_util_ocsp.c (original)
+++ httpd/httpd/trunk/modules/ssl/ssl_util_ocsp.c Fri Feb 14 09:38:12 2020
@@ -46,6 +46,7 @@ static BIO *serialize_request(OCSP_REQUE
      BIO_printf(bio, "%s%s%s HTTP/1.0\r\n"
                 "Host: %s:%d\r\n"
                 "Content-Type: application/ocsp-request\r\n"
+               "Connection: close\r\n"
                 "Content-Length: %d\r\n"
                 "\r\n",
                 uri->path ? uri->path : "/",

Reply via email to