On 2/14/20 6:05 PM, Marion & Christophe JAILLET wrote: > Hi, > > purely speculative, but does a: > apr_table_set(headers, "Connection", "close"); > > around line 812 of md_oscp.c also makes sense? > I think it makes absolutely sense. Giovanni
> CJ > > Le 14/02/2020 à 10:38, rpl...@apache.org a écrit : >> Author: rpluem >> Date: Fri Feb 14 09:38:12 2020 >> New Revision: 1874007 >> >> URL: http://svn.apache.org/viewvc?rev=1874007&view=rev >> Log: >> * modules/ssl/ssl_util_ocsp.c (serialize_request): Set the Connection header >> to close to indicate that we do not want to keep the HTTP connection to >> the >> OCSP responder alive. We don't reuse the connections currently and if the >> OCSP responder keeps the connection alive this could cause us to wait for >> keepalive timeout of the OCSP responder to timeout until we finish our >> reading of the OCSP response. >> >> PR: 64135 >> >> >> Modified: >> httpd/httpd/trunk/CHANGES >> httpd/httpd/trunk/modules/ssl/ssl_util_ocsp.c >> >> Modified: httpd/httpd/trunk/CHANGES >> URL: >> http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?rev=1874007&r1=1874006&r2=1874007&view=diff >> ============================================================================== >> --- httpd/httpd/trunk/CHANGES [utf-8] (original) >> +++ httpd/httpd/trunk/CHANGES [utf-8] Fri Feb 14 09:38:12 2020 >> @@ -1,6 +1,9 @@ >> -*- coding: utf-8 >> -*- >> Changes with Apache 2.5.1 >> + *) mod_ssl: Do not keep connections to OCSP responders alive when doing >> + OCSP requests. PR 64135. [Ruediger Pluem] >> + >> *) mod_ssl: Disable client verification on ACME ALPN challenges. Fixes >> github >> issue mod_md#172 (https://github.com/icing/mod_md/issues/172). >> [Michael Kaufmann <mail michael-kaufmann.ch>, Stefan Eissing] >> >> Modified: httpd/httpd/trunk/modules/ssl/ssl_util_ocsp.c >> URL: >> http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/ssl_util_ocsp.c?rev=1874007&r1=1874006&r2=1874007&view=diff >> ============================================================================== >> --- httpd/httpd/trunk/modules/ssl/ssl_util_ocsp.c (original) >> +++ httpd/httpd/trunk/modules/ssl/ssl_util_ocsp.c Fri Feb 14 09:38:12 2020 >> @@ -46,6 +46,7 @@ static BIO *serialize_request(OCSP_REQUE >> BIO_printf(bio, "%s%s%s HTTP/1.0\r\n" >> "Host: %s:%d\r\n" >> "Content-Type: application/ocsp-request\r\n" >> + "Connection: close\r\n" >> "Content-Length: %d\r\n" >> "\r\n", >> uri->path ? uri->path : "/", >> >>